←back to thread

A Brazilian CA trusted only by Microsoft has issued a certificate for google.com

(follow.agwa.name)
482 points sanqui | 1 comments | 30 Nov 24 21:35 UTC | HN request time: 0.001s | source
Show context
danpalmer ◴[01 Dec 24 00:47 UTC] No.42285229[source]
This is a bad look. I expected the result would be Chrome and Firefox dropping trust for this CA, but they already don't trust this CA. Arguably, Microsoft/Windows trusting a CA that the other big players choose not to trust is an even worse look for Microsoft.
replies(8): >>42285389 #>>42285408 #>>42285431 #>>42285622 #>>42286061 #>>42286142 #>>42286897 #>>42287654 #
move-on-by ◴[01 Dec 24 01:32 UTC] No.42285431[source]
Also being issued on a major US holiday- when many are on PTO- does not help with the look.
replies(1): >>42285701 #
alganet ◴[01 Dec 24 02:37 UTC] No.42285701[source]
During carnival we brazillians often take 3 or 4 days leave.

Would it be fair during that time if I asked you to hold your PRs, bug tickets and work in general because we're on paid leave?

On-call rotation exists for those reasons. Otherwise, all countries would need to respect all other countries holidays.

In fact, we're not even aware of most US holidays. It is likely to be a coincidence.

replies(6): >>42286029 #>>42286059 #>>42286108 #>>42286214 #>>42286300 #>>42286357 #
move-on-by ◴[01 Dec 24 04:58 UTC] No.42286300{3}[source]
My comment is not about how all work should stop during US holidays.

What I’m attempting to refer to, is that _if_ this was done with malicious intent, then maybe the hope was that doing it during a holiday would reduce response time or allow it to fly under the radar. Of course, as you say, just because it was a holiday does not inherently mean it’s malicious, it has plausible deniability.

replies(1): >>42286376 #
1. alganet ◴[01 Dec 24 05:17 UTC] No.42286376{4}[source]
What I actually said is that I believe that the notion of a holiday "hiding" these activities is naive. I don't think it makes any difference.

I don't know if there's a rotation or another system. I think there are probably multiple across different parties responsible for maintaining CA trust.