(follow.agwa.name)

482 points sanqui | 1 comments | 30 Nov 24 21:35 UTC | HN request time: 0.327s | source

Show context

cjalmeida ◴[01 Dec 24 01:32 UTC] No.42285429[source]▶

It gets worse. ICP-Brasil, the AC mentioned in the bug reports, the the government run agency responsible for all things related to digital signatures. Digitally signing a contract, a deed, accessing tax returns…

replies(2): >>42285683 #>>42286883 #

layer8 ◴[01 Dec 24 02:33 UTC] No.42285683[source]▶

>>42285429 #

Unlike web browsers, digital signature use cases should perform revocation checks, so revoking the google.com certificate should solve that.

replies(3): >>42285783 #>>42285825 #>>42292286 #

perching_aix ◴[01 Dec 24 02:53 UTC] No.42285783[source]▶

>>42285683 #

I think the current "meta" is CAA records? https://blog.cloudflare.com/why-certificate-pinning-is-outda...

replies(2): >>42285927 #>>42292557 #

1. 8organicbits ◴[01 Dec 24 03:25 UTC] No.42285927[source]▶

>>42285783 #

Correct, which Google is using:

https://www.nslookup.io/domains/google.com/dns-records/caa/

↑

A Brazilian CA trusted only by Microsoft has issued a certificate for google.com