Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
On Sunday 04 September 2011 13:54:29 Yves-Alexis Perez wrote:
> On dim., 2011-09-04 at 13:34 -0500, Raphael Geissert wrote:
> > On Sunday 04 September 2011 10:35:16 Yves-Alexis Perez wrote:
> > > For other NSS users I guess they're ok? I've just checked in evolution
> > > certificate store and there's no DigiNotar one, though I don't know if
> > > evolution would prevent connection to an imap/pop/smtp server with a
> > > relevant certificate.
> >
> > Did you look for "Explicitly Disabled DigiNotar..."?
>
> What do you mean?
NSS now ships modified certs of DigiNotar, their name is "Explicitly Disabled
DigiNotar <rest of the original CN here>"
In chromium, for example, if you browse a DigiNotar-signed website and check
the certificate chain you will see the Explicitly Disabled cert there.
Giuseppe, do you already have plans for updating chromium? (more info on the
CCed bug.)
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Reply to: