SSL MITM attack on Gmail?

According to this thread on the Gmail (UK) help forum, someone in Iran may have obtained a fake SSL certificate for *.google.com from the Dutch CA DigiNotar. You can see the supposedly fake certificate here.

The discussion thread says that the bogus certificate has been revoked, and that you can check the CRL here. Or you can just look at this view of the CRL:


Note that although the certificate was issued on July 10, it wasn't revoked until August 29! So someone could have been masquerading as Google for quite a while. And they still could be, because revocation isn't always checked for certificates.
