Commit 797e25c6 authored by Tails developers's avatar Tails developers
Browse files

doc: Mention the DigiNotar debacle

parent 40ecdb3a
......@@ -87,7 +87,9 @@ the service.
[[!img ssl_warning.png link=no alt="This Connection is Untrusted"]]
But on top of that the certificate authorities model of trust on Internet is
susceptible to various methods of compromise. For example, in March 15, 2011,
susceptible to various methods of compromise.
For example, on March 15, 2011,
Comodo, one of the major SSL certificates company, reported that a user account
with an affiliate registration authority had been compromised. It was then used
to create a new user account that issued nine certificate signing requests for
......@@ -96,6 +98,14 @@ seven domains: mail.google.com, login.live.com, www.google.com, login.yahoo.com
See [Comodo: The Recent RA
Compromise](http://blogs.comodo.com/it-security/data-security/the-recent-ra-compromise/).
Later in 2011, DigiNotar, a Dutch SSL certificate company, incorrectly issued
certificates to a malicious party or parties. Later on, it came to light that
they were apparently compromised months before or perhaps even in May of 2009 if
not earlier. Rogues certificates were issued for domains such as google.com,
mozilla.org, torproject.org, login.yahoo.com and many more. See, [The Tor
Project: The DigiNotar Debacle, and what you should do about
it](https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it).
**This still leaves open the possibility of a man-in-the-middle attack even when
your browser is trusting an HTTPS connection.**
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment