Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] French Government doing SSL MITM

andrew cooke andrew at acooke.org
Sun Dec 8 08:14:48 PST 2013


Google detected it and informed the French -
http://googleonlinesecurity.blogspot.com/2013/12/further-improving-digital-certificate.html

Despite it being used on a private network, and with user consent, it is
reportedly a violation of procedures.  Google classify it as a "serious
breach".

Andrew

On Sun, Dec 08, 2013 at 06:05:42PM +0200, Maxim Kammerer wrote:
> On Sun, Dec 8, 2013 at 2:34 PM, Fabio Pietrosanti (naif)
> <lists at infosecurity.ch> wrote:
> > a very dirty fact happened yesterday that still didn't have the
> > appropriate attention.
> 
> An actual summary: someone at French MoF used the wrong certificates
> to sign domains for an internal DPI proxy, and the agency in charge of
> network security then notified Google in order to revoke the relevant
> certificates. The end.
> 
> -- 
> Maxim Kammerer
> Liberté Linux: http://dee.su/liberte
> -- 
> Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.



More information about the liberationtech mailing list