Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

On Sunday 04 September 2011 13:54:29 Yves-Alexis Perez wrote:
> On dim., 2011-09-04 at 13:34 -0500, Raphael Geissert wrote:
> > On Sunday 04 September 2011 10:35:16 Yves-Alexis Perez wrote:
> > > For other NSS users I guess they're ok? I've just checked in evolution
> > > certificate store and there's no DigiNotar one, though I don't know if
> > > evolution would prevent connection to an imap/pop/smtp server with a
> > > relevant certificate.
> > 
> > Did you look for "Explicitly Disabled DigiNotar..."?
> What do you mean?

NSS now ships modified certs of DigiNotar; their name is "Explicitly Disabled
DigiNotar <rest of the original CN here>".
In chromium, for example, if you browse a DigiNotar-signed website and check 
the certificate chain you will see the Explicitly Disabled cert there.

Giuseppe, do you already have plans for updating chromium? (more info on the 
CCed bug.)

Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

