Mozzilla 发现 CNNIC 颁发的证书被用于中间人攻击

• 请不要在回答技术问题时复制粘贴 AI 生成的内容

This topic created in 4093 days ago, the information mentioned may be changed or developed.

https://blog.mozilla.org/security/2015/03/23/revoking-trust-in-one-cnnic-intermediate-certificate/
CNNIC被发现颁发了用于中间人攻击的证书。该证书被用于部署到网络防火墙中，用于劫持所有处于该防火墙后的HTTPS网络通信，而绕过浏览器警告。

mozzilla

中间人

CNNIC

28 replies • 2015-03-24 23:06:42 +08:00

wbbim

Mar 24, 2015

最后一句是Google发现的
Thanks to Google for reporting this issue to us.
http://googleonlinesecurity.blogspot.sg/2015/03/maintaining-digital-certificate-security.html

AstroProfundis

Mar 24, 2015

是一张测试用中间证书，虽然我也很想说“终于逮到狐狸尾巴了”不过就看 Mozilla 这篇文章的话感觉 CNNIC 并没有被直接砍死

We believe that this MITM instance was limited to CNNIC’s customer’s internal network.

Additional action regarding this CA will be discussed in the mozilla.dev.security.policy forum.

Gandum

Mar 24, 2015

该来的还是会来的

haquasaiku

Mar 24, 2015

并没有感到意外

AstroProfundis

Mar 24, 2015

这是 Mozilla 的讨论帖里面的内容，似乎不至于干掉 CNNIC 的证书 ╮(╯-╰)╭

Remember that it is CNNIC's customer who made this mistake. CNNIC, as
the CA, is still responsible for it. But I would be surprised if CNNIC
themselves have this problem, nonetheless I will ask them.

kaige

Mar 24, 2015

这种政权哪些是干不出来的？

typcn

Mar 24, 2015

那些说 CNNIC 不会这么干的，干了之后立马会被吊销的人在哪呢？

让我看见你们的名字

wdlth

Mar 24, 2015

https://support.apple.com/zh-cn/HT204132

Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA

Big Brother is watching you.

不犯二的Chrome好像也是信任的……