←back to thread

A Brazilian CA trusted only by Microsoft has issued a certificate for google.com

(follow.agwa.name)
482 points sanqui | 1 comments | 30 Nov 24 21:35 UTC | HN request time: 0.203s | source
Show context
noitpmeder ◴[01 Dec 24 01:02 UTC] No.42285295[source]
Not clear (to me) in the original post -- was this done accidentally or intentionally?
replies(4): >>42285340 #>>42285374 #>>42285593 #>>42285609 #
woodson ◴[01 Dec 24 02:15 UTC] No.42285609[source]
As a CA, how does one accidentally issue a certificate for google.com? I mean, is there a scenario that isn't malicious?
replies(3): >>42285625 #>>42286101 #>>42288078 #
tptacek ◴[01 Dec 24 02:19 UTC] No.42285625[source]
Yes, if the interception system involved was meant only for resources within Brazil’s own agency networks.
replies(2): >>42285842 #>>42286581 #
1. 8organicbits ◴[01 Dec 24 06:12 UTC] No.42286581[source]
Note that this scenario happened for ANSSI and MCS Holdings, so there would be precedence. I'm eager to see what Google concludes this time.

https://security.googleblog.com/2013/12/further-improving-di...

https://security.googleblog.com/2015/03/maintaining-digital-...