Google Internet Authority ... Previous subject Re: Fwd: [ PRIVACY Forum ] Surveillance via bogus SSL certificates

[Sarad AV]

Sarad AV wrote:
> > Another question, this one is specific to gmail -
> which the entire
> > session is on https.
> 
> > when i click a pdf in my gmail to be opened with
> google docs, the
> > certificate is signed by google(used a third part
> browser plugin to
> > check this). that is fine, however my browser never
> alerts me as a
> > potential untrusted certificate and if want to add it
> as an
> > exception. does that mean google is an intermediate CA
> or what does
> > that mean?

Dave Howe wrote:
> You should be able to check the certificate chain on the
> object and see.
> I haven't tried this (and given its 1am I am not going to
> now, but I may
> do so when I get time :)
> 

I checked it out. When I open any pdf or ppt from my gmail(persistent https) using google documents, the certificate is issued by Google Internet Authority and issued to Google Inc. From the firefox trusted certificate list it is seen that Equifax is a root CA and has issued certificate to Google Internet Authority.

This being said why does google gets certified from thawte and prsents us its certificate when we open gmail.com? The firefox browser trusts Google Internet Authority and doesnot warn of a potential untrusted site when i open a pdf from gmail(https) with google docs.

Thanks,
Sarad.