(follow.agwa.name)

482 points sanqui | 1 comments | 30 Nov 24 21:35 UTC | HN request time: 0s | source

Show context

noitpmeder ◴[01 Dec 24 01:02 UTC] No.42285295[source]▶

Not clear (to me) in the original post -- was this done accidentally or intentionally?

replies(4): >>42285340 #>>42285374 #>>42285593 #>>42285609 #

woodson ◴[01 Dec 24 02:15 UTC] No.42285609[source]▶

As a CA, how does one accidentally issue a certificate for google.com? I mean, is there a scenario that isn't malicious?

replies(3): >>42285625 #>>42286101 #>>42288078 #

tptacek ◴[01 Dec 24 02:19 UTC] No.42285625[source]▶

>>42285609 #

Yes, if the interception system involved was meant only for resources within Brazil’s own agency networks.

replies(2): >>42285842 #>>42286581 #

lxgr ◴[01 Dec 24 03:07 UTC] No.42285842[source]▶

>>42285625 #

But that's not allowed for publicly trusted roots under any circumstances, right? Not sure if that would qualify as an accident.

replies(1): >>42285964 #

foota ◴[01 Dec 24 03:33 UTC] No.42285964[source]▶

>>42285842 #

I think the parent is saying that if they meant to use the cert only internally (e.g., to monitor employees) then that would arguably not be malicious.

replies(4): >>42285966 #>>42286063 #>>42286215 #>>42286226 #

1. JumpCrisscross ◴[01 Dec 24 04:36 UTC] No.42286226{3}[source]▶

>>42285964 #

> if they meant to use the cert only internally (e.g., to monitor employees)

Or to redirect to an internal, no doubt pitched as more secure, search engine.

↑

A Brazilian CA trusted only by Microsoft has issued a certificate for google.com