[nsp-sec] Google Certificate Problems?
Chris Morrow
morrowc at ops-netman.net
Tue Aug 30 10:52:22 EDT 2011
On 08/30/11 04:22, Florian Weimer wrote:
> * Chris Morrow:
>
>> ----------- nsp-security Confidential --------
>>
>> think this got some coverage in the news, as well as internally... it
>> seems mozilla decided to drop the whole of the CA?
>
> AFACIT, Mozilla has yet to roll out the update. It would be a
> surprising move and could have unpredictable consequences, so maybe
> they're reconsidering.
perhaps, I'm on vacation so... not seeing all the chatter :(
It looks like MS, google and mozilla are taking some actions though:
ms: <http://www.microsoft.com/technet/security/advisory/2607712.mspx>
chrome-news:
<http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html>
mozilla
<http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert?s=diginotar&as=s>
the mozilla one says: "Will be releasing" which seems to indicate
Florian's right, they are still deciding what to do. Diginotar did
release a press note:
<http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx>
More information about the nsp-security
mailing list