Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
On Sunday 04 September 2011 13:54:29 Yves-Alexis Perez wrote:
> On dim., 2011-09-04 at 13:34 -0500, Raphael Geissert wrote:
> > On Sunday 04 September 2011 10:35:16 Yves-Alexis Perez wrote:
> > > For other NSS users I guess they're ok? I've just checked in evolution
> > > certificate store and there's no DigiNotar one, though I don't know if
> > > evolution would prevent connection to an imap/pop/smtp server with a
> > > relevant certificate.
> > Did you look for "Explicitly Disabled DigiNotar..."?
> What do you mean?
NSS now ships modified certs of DigiNotar, their name is "Explicitly Disabled
DigiNotar <rest of the original CN here>"
In chromium, for example, if you browse a DigiNotar-signed website and check
the certificate chain you will see the Explicitly Disabled cert there.
Giuseppe, do you already have plans for updating chromium? (more info on the
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net