From d722fb300a046783c9bf7bec055c18dcb828f8ee Mon Sep 17 00:00:00 2001 From: Sergey Matveev Date: Thu, 13 Jul 2017 11:07:19 +0300 Subject: [PATCH] =?utf8?q?=D0=9A=D0=BE=D0=BC=D0=BF=D1=80=D0=BE=D0=BC=D0=B5?= =?utf8?q?=D1=82=D0=B0=D1=86=D0=B8=D1=8F=20=D0=B8=D0=B7=D0=B2=D0=B5=D1=81?= =?utf8?q?=D1=82=D0=BD=D1=8B=D1=85=20=D0=BD=D0=B5=20=D0=BA=D0=B8=D1=82?= =?utf8?q?=D0=B0=D0=B9=D1=81=D0=BA=D0=B8=D1=85=20CA?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Недавно были новости о том что WoSign и StartCom все из себя плохие CA и их отзывают и не доверяют (c1d991e20528f6b0e84b06cda975543a69a502d2). Вот тут кое какой список нашёл о том что куда более крупные и известные CA совершали куда более серьёзные нарушения и факапы, но им ничего за это не было: https://www.eff.org/deeplinks/2015/09/symantec-issues-rogue-ev-certificate-googlecom Symantec Issues Rogue EV Certificate for Google.com https://threatpost.com/fraudulent-certificate-google-domains-found-after-mistake-turkish-ca-010313/77361/ Fraudulent certificate for Google domains found after mistake by turkish CA https://defcon.org/images/defcon-17/dc-17-presentations/defcon-17-zusman-hacking_pki.pdf https://www.cnet.com/news/microsoft-warns-of-hijacked-certificates/ VeriSign issues two digital certificates in the software giant's name... https://en.wikipedia.org/wiki/Diginotar#Issuance_of_fraudulent_certificates On July 10, 2011, an attacker with access to DigiNotar's systems issued a wildcard certificate for Google. https://en.wikipedia.org/wiki/Comodo_Group#2011_breach_incident In 2009 Microsoft MVP Michael Burgess accused Comodo of issuing digital certificates to known malware. https://en.wikipedia.org/wiki/Comodo_Group#2011_breach_incident On March 23, 2011, Comodo posted a report that 8 days earlier, on 15 March 2011, a user account with an affiliate registration authority had been compromised and was used to create a new user account that issued nine certificate signing requests. -- 2.48.1