(follow.agwa.name)

482 points sanqui | 1 comments | 30 Nov 24 21:35 UTC | HN request time: 0s | source

Show context

noitpmeder ◴[01 Dec 24 01:02 UTC] No.42285295[source]▶

Not clear (to me) in the original post -- was this done accidentally or intentionally?

replies(4): >>42285340 #>>42285374 #>>42285593 #>>42285609 #

tptacek ◴[01 Dec 24 02:10 UTC] No.42285593[source]▶

The certificate was registered in CT, so a reasonable assumption would be that this was accidental, because it was guaranteed to be noticed and to generate drama that would threaten the capability they arranged, presumably at some significant expense.

replies(1): >>42286349 #

px43 ◴[01 Dec 24 05:10 UTC] No.42286349[source]▶

>>42285593 #

What is CT here? Central Time? Connecticut? Maybe Certificate Transparency? I guess that last one might make the most sense. Abbreviations are hard.

replies(2): >>42287078 #>>42287199 #

bart__ ◴[01 Dec 24 09:00 UTC] No.42287199[source]▶

>>42286349 #

Certificate Transparency, all CA's log their issued certificates to central log servers, managed by Cloudflare, google etc. If this is not done, the certificate will not be seen as trusted by Browsers. It was designed to have a publicly auditable source of issued certificates, exactly so we can notice rogue google.com certs.

replies(2): >>42288032 #>>42288645 #

1. probstal ◴[01 Dec 24 14:36 UTC] No.42288645{3}[source]▶

>>42287199 #

Actually, it won't be trusted by most browsers. As of today, Firefox hasn't implemented it yet [0]

[0] https://bugzilla.mozilla.org/show_bug.cgi?id=1281469

↑

A Brazilian CA trusted only by Microsoft has issued a certificate for google.com