[191257] in North American Network Operators' Group


Chinese root CA issues rogue/fake certificates

daemon@ATHENA.MIT.EDU (Eric Kuhnke)
Wed Aug 31 00:38:59 2016

X-Original-To: nanog@nanog.org
From: Eric Kuhnke <eric.kuhnke@gmail.com>
Date: Tue, 30 Aug 2016 21:38:55 -0700
To: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

http://www.percya.com/2016/08/chinese-ca-wosign-faces-revocation.html

One of the largest Chinese root certificate authorities, WoSign, issued many
fake certificates due to a vulnerability.  WoSign's free certificate
service allowed its users to get a certificate for the base domain if they
were able to prove control of a subdomain. This means that if you can
control a subdomain of a major website, say percy.github.io, you're able to
obtain a certificate by WoSign for github.io, taking control over the
entire domain.
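
The scope check whose absence the message above describes, as an added example that is not part of the original post and not WoSign's or any CA's code. The function names are hypothetical; `flawed_in_scope` only models the behaviour the post describes, and `strict_in_scope` is the corrected comparison.

```python
# Added illustration; function names are hypothetical, not any CA's real code.

def _labels(name: str) -> list[str]:
    """Normalize a DNS name to lowercase labels, dropping a trailing dot."""
    name = name.strip().lower().rstrip(".")
    if not name or any(not label for label in name.split(".")):
        raise ValueError(f"malformed DNS name: {name!r}")
    return name.split(".")


def flawed_in_scope(validated: str, requested: str) -> bool:
    """Models the behaviour described in the post: proving control of a
    subdomain is accepted as proof for any parent of that subdomain."""
    v, r = _labels(validated), _labels(requested)
    return len(r) <= len(v) and v[-len(r):] == r


def strict_in_scope(validated: str, requested: str) -> bool:
    """Accept only the validated name itself or names beneath it.
    Comparison is label by label, so 'evilgithub.io' never matches 'github.io'."""
    v, r = _labels(validated), _labels(requested)
    if r[0] == "*":          # wildcard: judge the name the wildcard hangs off
        r = r[1:]
        if not r:
            return False
    return len(r) >= len(v) and r[-len(v):] == v


def rejected_names(validated: str, requested_names: list[str]) -> list[str]:
    """Return the requested certificate names outside the validated scope."""
    return [n for n in requested_names if not strict_in_scope(validated, n)]


if __name__ == "__main__":
    # Constructed request: control was proven for percy.github.io only.
    print(rejected_names("percy.github.io",
                         ["percy.github.io", "github.io", "*.github.io"]))
```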
