On Mon, Jan 14, 2013 at 7:23 AM, Harald Hanche-Olsen <han...@math.ntnu.no> wrote: > [Ben Laurie <b...@links.org> (2013-01-14 11:04:11 UTC)] > >> How is any CA involved in this? > > I was wondering the same thing. But then I went back to the first post > of this series, which mentions [1] as the primary source. The actual > evidence is seen in [2], linked to from [1]. > > [1] http://gaurangkp.wordpress.com/2013/01/09/nokia-https-mitm/ > [2] http://gaurangkp.wordpress.com/2013/01/09/nokia-https-mitm/nokia-certs/ I could be wrong, but I believe Ben was alluding to "did a CA issue a certificate for a domain outside the control of the operator." I could not find evidence of it from the blog, and I don't have service that allows me to test it. So far, I've only seen certificates for that cloud service. Otherwise, I would have gone for the jugular.
Jeff _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography