cURL / Mailing Lists / curl-library / Single Mail

curl-library

Fraudulent Certificates

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 24 Mar 2011 09:22:58 +0100 (CET)

Hi friends,

There's this incident that has been talked about the last couple of days where
"an attacker" managed to get several fraudulent SSL certificates for public
websites.

Chrome and Firefox now both block these certificates explicitly.

I assume there's reason for us to consider doing the same, to protect our
users who might use libcurl to access such sites.

I'll appreciate feedback and ideas.

More details:

http://blog.mozilla.com/security/2011/03/22/firefox-blocking-fraudulent-certificates/

https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2011-03-24

This message: [ Message body ]
Next message: Patricia Muscalu: "Re: SMTP authentication methods in API [PATCH]"
Previous message: Tor Arntsen: "Re: building libcurl with SSL on AIX53/61"
Next in thread: Ben Noordhuis: "Re: Fraudulent Certificates"
Reply: Ben Noordhuis: "Re: Fraudulent Certificates"
Reply: Kamil Dudka: "Re: Fraudulent Certificates"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]