Re: Fwd: Has any public CA ever had their certificate revoked?

2009-05-04 Thread Ian G
On 3/5/09 15:32, Ben Bucksch wrote: On 03.05.2009 09:06, Ian G wrote: (5) possibly as consequence of all the above, it can be claimed that it is an empty threat, and no more than a security/marketing tool for PKI people. Consequently, we need to either: * Make that threat not empty This is

Re: Fwd: Has any public CA ever had their certificate revoked?

2009-05-04 Thread Ian G
On 3/5/09 15:43, Eddy Nigg wrote: On 05/03/2009 10:06 AM, Ian G: (2), there exists a standard need in audits to discuss disaster recovery. Curiously, this does not appear to be documented anywhere, draw your own speculations It's usually addressed in internal CA documentation and

Re: Fwd: Has any public CA ever had their certificate revoked?

2009-05-04 Thread Eddy Nigg
On 05/04/2009 09:12 AM, Ian G: On 3/5/09 15:43, Eddy Nigg wrote: That's not entirely correct, legacy CAs which requested EV enabled had to go through the process as if they were new roots. See also the current thread of Verizon/Cybertrust. Ah! Well corrected. I did not know that. Are you

Hacking Firefox

2009-05-04 Thread Andrews, Rick
A customer asked this question, and I couldn't answer it. Let's say I'm a hacker with access to a public kiosk, and I want users of that kiosk to see the EV green toolbar when they use the kiosk to visit my hacked web site. My web site is configured with an SSL cert signed by my own root. I

Re: Hacking Firefox

2009-05-04 Thread Anders Rundgren
Unfortunately the [potential] problem is much bigger than that! A hacked browser and/or operating system can essentially screw the user in all ways possible for a computer. The green bar may be lit all the time, for example. I would personally be a bit cautious about opening company mail in a

Re: Hacking Firefox

2009-05-04 Thread Nelson Bolyard
On 2009-05-04 12:27, Andrews, Rick wrote: A customer asked this question, and I couldn't answer it. Let's say I'm a hacker with access to a public kiosk, and I want users of that kiosk to see the EV green toolbar when they use the kiosk to visit my hacked web site. My web site is configured

Re: Hacking Firefox

2009-05-04 Thread Ian G
On 4/5/09 22:04, Nelson Bolyard wrote: A very similar hack has already been done. It's a Firefox extension that (IIRC) silently installs some roots and shows the green bar for (some of) the certs that chain up to those roots. See it at https://addons.mozilla.org/en-US/firefox/addon/4828 Nice,

Re: Hacking Firefox

2009-05-04 Thread Nelson B Bolyard
Ian G wrote, On 2009-05-04 13:26: On 4/5/09 22:04, Nelson Bolyard wrote: A very similar hack has already been done. It's a Firefox extension that (IIRC) silently installs some roots and shows the green bar for (some of) the certs that chain up to those roots. See it at