Unknown Root Certificate Authority in Firefox: Miscommunication Drama

Mozilla has detected that a root certificate named "RSA Security 1024 V3", whose owner is unknown, is installed in the Firefox browser. Even RSA has denied holding any such certificate. Kathleen Wilson gave the following details of the certificate and recommended removing it from NSS, where all trusted certificates are maintained:
OU = RSA Security 1024 V3
O = RSA Security Inc
Valid From: 2/22/01
Valid To: 2/22/26
SHA1 Fingerprint:

In its first communication, RSA said that it does not own this root. As per Kathleen:

“…I have not been able to find the current owner of this root. Both RSA and VeriSign have stated in email that they do not own this root.

Therefore, to my knowledge this root has no current owner and no current audit, and should be removed from NSS.”

Mozilla now says it has received official word from RSA that they do in fact own the root CA.

Kathleen says:

An official representative of RSA has sent me email to confirm that RSA
is still in possession of the private key for the "RSA Security 1024 V3"
root certificate.

RSA has also agreed that the "RSA Security 1024 V3" root certificate
should be removed from NSS.

This is a bit funny!

Read more: http://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/b6493a285ba79998/26fca75f9aeff1dc#26fca75f9aeff1dc

