Comment by codedokode
3 years ago
In this case there has been a valid certificate for the site; this alone should raise suspicion.
Also, if they cannot do secure validation then maybe they should stop issuing certificates for sites that already have a proper certificate.
This happens all the time when a server is rebuilt from scratch - same cert using a different keypair.
So should we conclude that SSL cert infrastructure is completely compromised and now any country can issue fake certificates?
No, there is no reason to jump to such extremes.
4 replies →