Google Groups

Re: Latest Update of Today


TURKTRUST Jan 6, 2013 7:16 AM
Posted in group: mozilla.dev.security.policy
It appears that Dec 6th date is a bogus one. It seems that the firewall had replicated the true google cert at https://encrypted.google.com/ as soon as the MITM was activated on 21st of December.

Not really wanted to be a part of a discussion about whether their action was delibarate or not to issue a faulty cert, but let us share with you what they (EGO and the firewall representative) have confirmed to us yesterday: They had first tried to use the internal CA on the firewall. The internal clients (obviously) had given trust warning, so they had decided to export the trusted cert on the web mail server. They should, of course,  have chosen to install trust for the internal CA into their clients in the domain.



On Saturday, January 5, 2013 10:03:46 PM UTC+2, Erwann Abalea wrote:
> Le samedi 5 janvier 2013 20:57:15 UTC+1, Erwann Abalea a écrit :
>
> > But based on evidence found here:  http://pastebin.com/0kchRaYp
>
> > the faulty Google certificate was generated on Dec 6th. And this certificate correctly chains up to your "TURKTRUST_Elektronik_Sunucu_Sertifikasi_Hizmetleri_s2" root CA included in Mozilla.
>
>
>
> Sorry, copied/pasted the wrong name. The root this MITM chains up to is named
>
> "CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, C=TR, L=Ankara, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005"
>
> (UTF8 combined with completely foreign names is hard to deal with)