Hi, thanks for pointing this out. The list grew over time and the heading is no longer correct. I now changed it to:
"Other Root Certification Authorities had security breaches or allowed the abuse (willingly or unwillingly) of the ROOT CA Key for spying purposes." regards, skyper On Tue, Dec 10, 2013 at 11:31 AM, Gervase Markham <[email protected]> wrote: > On 09/12/13 12:42, Ralf Skyper Kaiser wrote: > > I added the incident to https://wiki.thc.org/ssl#OtherIncidents > > This is incorrectly listed - the heading here is "Other leading Root > Certification Authorities had security breaches, some of them allowed > the attacker to issue valid certificate for any domain." > > As far as anyone is aware, there was no attack on the CA and no security > breach in this case. You either need to change the heading, or remove > ANSSI and TurkTrust and Trustwave from the list. > > > Will there be more public information available? > > The Mozilla bug is now open: > https://bugzilla.mozilla.org/show_bug.cgi?id=946351 > > and Google has published most of the cert chain: > https://www.imperialviolet.org/binary/anssi-chain.txt > > Gerv >
