
Google and the Indian CA

Lost In Cyberia


Hey everyone, have you guys heard about this?

For the TL;DR version: Google's domains were found to be signed to an unknown person. The signer of the certificate was a CA in India. The CA accidentally issued 45 SSL certs for domains that were owned by Google and Yahoo. My question is: how can the Google certs be signed, and then the same domain signed again by the Indian CA? Can a domain be signed twice? It seems like this shouldn't be the case...

Also, is revoking a certification the same thing as removing it from the cert store? I know that Chrome doesn't really check for revocation... So does that mean they just rely on "bad" SSL certs to be removed completely from the store?


You can have a billion certs for a domain, but the domain can only provide 1 (1 IP = 1 cert because part of the protocol involves a reverse DNS lookup). Which of the billion the domain provides is up to the admin.

It doesn't make a lot of sense to have a ton of certs, but nothing's stopping you.


Revoking a cert means the CA marks the cert as being bad. Certs work on the basis of a trusted third party that tells you the other side of the connection really is who you expect. You don't know the other party, but you know and trust the CA (CA cert is in your trust store) and so you trust their claim that the other party really is that other party.

But even CAs make mistakes, so you (should) check the revocation list of the CA when you connect to a site that CA says is legit, to make sure it hasn't changed its mind about that.

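Added example, not part of any post in this thread: a toy model of the client-side checks discussed above, showing two trusted CAs each issuing a valid cert for the same name, and how revocation differs from removing a CA from the trust store. Toy RSA over small Mersenne primes stands in for real X.509 signatures; the CA names, host name and serial numbers are constructed.

```python
import hashlib
from dataclasses import dataclass

def toy_ca_key(p, q, e=65537):
    """Toy RSA key from two Mersenne primes; returns (n, e, d). Not secure."""
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big") % n

@dataclass(frozen=True)
class Cert:
    issuer: str
    subject: str
    serial: int
    sig: int

def issue(ca_name, ca_key, subject, serial):
    """CA signs (issuer, subject, serial) with its private exponent."""
    n, _, d = ca_key
    return Cert(ca_name, subject, serial,
                pow(_digest(f"{ca_name}|{subject}|{serial}", n), d, n))

def validate(cert, hostname, trust_store, crls, check_revocation=True):
    """Return 'ok' or the reason the client rejects the certificate."""
    if cert.subject != hostname:
        return "name mismatch"
    pub = trust_store.get(cert.issuer)      # issuer name -> public key (n, e)
    if pub is None:
        return "untrusted issuer"
    n, e = pub
    if pow(cert.sig, e, n) != _digest(f"{cert.issuer}|{cert.subject}|{cert.serial}", n):
        return "bad signature"
    if check_revocation and cert.serial in crls.get(cert.issuer, set()):
        return "revoked"
    return "ok"

# Constructed scenario: two independent CAs, both in the client's trust store.
KEY_A = toy_ca_key(2**31 - 1, 2**61 - 1)
KEY_B = toy_ca_key(2**89 - 1, 2**107 - 1)
TRUST = {"CA-A": KEY_A[:2], "CA-B": KEY_B[:2]}
HOST = "mail.example.test"
cert_a = issue("CA-A", KEY_A, HOST, 1001)   # cert the site owner requested
cert_b = issue("CA-B", KEY_B, HOST, 2002)   # second cert, same name, other CA
CRLS = {"CA-B": {2002}}                     # CA-B later revokes its cert

if __name__ == "__main__":
    print(validate(cert_a, HOST, TRUST, {}), validate(cert_b, HOST, TRUST, {}))
    print(validate(cert_b, HOST, TRUST, CRLS))                          # revoked
    print(validate(cert_b, HOST, TRUST, CRLS, check_revocation=False))  # still ok
    print(validate(cert_b, HOST, {"CA-A": KEY_A[:2]}, {}))              # untrusted issuer
```

Revocation only takes effect for clients that consult the revocation list, while removing the issuing CA from the trust store rejects every cert that CA signed regardless of revocation checking.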
