India's National Informatics Centre Forged Google SSL Certificates 107
NotInHere (3654617) writes As Google writes on its Online Security Blog, the National Informatics Centre of India (NIC) used its intermediate CA certificate, issued by Indian CCA, to issue several unauthorized certificates for Google domains, allowing it to do Man in the middle attacks. Possible impact however is limited, as, according to Google, the root certificates for the CA were only installed on Windows, which Firefox doesn't use — and for the Chrom{e,ium} browser, the CA for important Google domains is pinned to the Google CA. According to its website, the NIC CA has suspended certificate issuance, and according to Google, its root certificates were revoked by Indian CCA.
Repercussions? (Score:3, Interesting)
Will there be any repercussions for this?
The National Informatics Centre of India did abuse something.
Will the National Informatics Centre of India be able to continue with such abuses and do this again in the future?
Or will they lose this ability?
What will happen now?
They have shown that they can not be trusted. They must lose the power to do this.
Pull someones certificates or kill some CA. Someone needs to suffer because of this.
Re:Repercussions? (Score:0, Interesting)
India is a very corrupt country.
I only see this as a good thing because it will reflect on companies that outsource to India and put the spotlight where it needs to be at - why do we trust these people with our customers?
As someone who has dealt with far too many indian "Customer service representatives" and actually had one attempt to charge my credit card $5000 to get a return flight from Ireland after the company cancelled my plane ticket (I was shanghaied and I live in the USA) I have no intention of dealing with any company in the future that outsources to India.
I lost 1300 euros that trip, It will never happen again.
Re:Repercussions? (Score:4, Interesting)