Hacks and Incidents

Bug 693450 – Add IGC/A RSA4096 SHA256 root certificate

693450 – Add IGC/A RSA4096 SHA256 root certificate: Hi, I would like to note this issue:

The French Government ANSSI made a MITM against Google SSL/TLS:
http://googleonlinesecurity.blogspot.it/2013/12/further-improving-digital-certificate.html

Google does not mention who ANSSI is.

ANSSI is the French cybersecurity agency, working closely with defense and intelligence agencies:
http://www.ssi.gouv.fr/

ANSSI declares that an intermediate CA is generating fake certificates for the purpose of inspecting SSL traffic:
“ANSSI has found that the intermediate CA certificate was used in a commercial device, on a private network, to inspect encrypted traffic with the knowledge of the users on that network.”

Google detected the MITM and blocked it:
https://code.google.com/p/chromium/issues/detail?id=326787

ANSSI issued a statement that it was a “human error” by someone from the Finance Ministry:
http://www.ssi.gouv.fr/en/the-anssi/events/revocation-of-an-igc-a-branch-808.html

A recent law proposal, see Art. 246, is giving power to governmental agencies to act with massive interception capabilities:
http://translate.google.com/translate?depth=1&ie=UTF8&prev=_t&rurl=translate.google.com&tl=en&u=http://www.assemblee-nationale.fr/14/projets/pl1473.asp

I am wondering if, given this incident and the upcoming change in the regulation, this CA is still compliant with Mozilla's policy for root CA inclusion.
