
482 points sanqui | 1 comments
leonidasv ◴[] No.42285504[source]
ICP-Brasil officially stopped emitting public-facing SSL/TLS certificates in October: https://www.gov.br/iti/pt-br/assuntos/noticias/indice-de-not...

This is pretty bad. Someone circumvented the ban on emitting public certificates but also disrespected Google's CAA rules. Hope this CA gets banned on Microsoft OSes for good.

replies(2): >>42285566 #>>42293773 #
TheRealPomax[dead post] ◴[] No.42285566[source]
[flagged]
semitones ◴[] No.42285642[source]
Do you actually understand what's going on here?
replies(3): >>42285674 #>>42286202 #>>42291449 #
raincole ◴[] No.42286202[source]
As someone who doesn't understand what's actually going on: could someone ELI5?
replies(1): >>42286322 #
saagarjha ◴[] No.42286322[source]
CAs are in the business of being a trusted third party that, among other things, verifies the identity of things. In this case someone seems to have scammed/hacked/whatever the CA into issuing a certificate for google.com, which is clearly bogus. So the result is that we should not trust this CA anymore.
replies(1): >>42286378 #
raincole ◴[] No.42286378[source]
But why would someone hack a CA to just... issue a certificate for google.com? How does it benefit them? I'd imagine they issue a certificate for some phishing sites or something.
replies(3): >>42286420 #>>42286833 #>>42286895 #
1. cmeacham98 ◴[] No.42286420[source]
It's entirely possible this certificate is being used to mitm attack and phish people right now.