That's the link if anyone doesn't prefer to follow the shortened URL.
http://www.theregister.co.uk/2010/04/06/mysterious_mozilla_apple_certificate...
Like Mr. Brennen says, this is very bad. I also wonder what the browser policy
for major browsers is when a root CA company is acquired by another company.
Is trust automatically transferred to the new company? Will the browser keep or
revoke these certificates?
Sarad.
--- On Wed, 4/7/10, V. Alex Brennen
From: V. Alex Brennen
Subject: Re: Fwd: [ PRIVACY Forum ] Surveillance via bogus SSL certificates
To: cypherpunks@al-qaeda.net
Date: Wednesday, April 7, 2010, 7:37 AM

Aside from a man in the middle attack, it's highly possible that browser developers are not doing a very good job of managing and auditing the root ca certificates that they ship included with the browser releases. Further, it's possible that CAs aren't doing a good job of keeping track of what certificates they submit to browser developers. Take a look at this discussion:
After reading that discussion, I'd be much less surprised to hear that a bogus root ca certificate, even one that fraudulently identified its source as a major trusted ca, was included in a series of browser releases from at least one of the major developers.
- VAB