{"id":520145,"date":"2010-04-08T04:15:59","date_gmt":"2010-04-08T08:15:59","guid":{"rendered":"http:\/\/techie-buzz.com\/?p=22588"},"modified":"2010-04-27T10:06:43","modified_gmt":"2010-04-27T14:06:43","slug":"rsa-security-1024-v3-the-unclaimed-root-certificate-mayhem-in-firefox","status":"publish","type":"post","link":"https:\/\/mereja.media\/index\/520145","title":{"rendered":"RSA Security 1024 V3: The Unclaimed Root Certificate Mayhem in Firefox"},"content":{"rendered":"

Mozilla security saw a new bug-report filed at bugzilla<\/a> reporting an unclaimed RSA root certificate. The certificate goes by the name of RSA Security 1024 V3. Both Verisign and RSA have declined ownership of this certificate.<\/p>\n

Kathleen Wilson<\/a>, an active Consultant at Mozilla Corporation has been actively digging through Mozilla security issues. He writes at this Mozilla security Google group saying,<\/p>\n

\n

I propose that the “RSA Security 1024 V3″ root certificate authority be
\nremoved from NSS.<\/p>\n

OU = RSA Security 1024 V3
\nO = RSA Security Inc
\nValid From: 2\/22\/01
\nValid To: 2\/22\/26
\nSHA1 Fingerprint:
\n3C:BB:5D:E0:FC:D6:39:7C:05:88:E5:66:97:BD:46:2A:BD:F9:5C:76<\/p>\n

I have not been able to find the current owner of this root. Both RSA
\nand VeriSign have stated in email that they do not own this root.<\/p>\n<\/blockquote>\n

This issue got everyone worried about this being a rouge certificate. However, later Wilson assured the certificate’s origin by saying,<\/p>\n

\n

I have received email from official representatives of RSA confirming
\nthat RSA did indeed create the “RSA Security 1024 V3″ root certificate
\nthat is currently included in NSS (Netscape\/Mozilla) and also in Apple’s
\nroot cert store.<\/p>\n<\/blockquote>\n

He also added that that RSA has since, dropped the root certificate and so should Mozilla. In another mail from RSA, it was told that the private key for this root was safe with RSA. This assures that this flaw was not exploited and now the certificate will be removed from NSS (Network Security Services).<\/p>\n

[ Via: LinuxToday<\/a> ]<\/p>\n

\nShare:<\/strong>
\nComment on This Post<\/a> |
\nTweet This<\/a> |
\nShare on Facebook<\/a> |
\nSave to Delicious<\/a> |
\nStumble This<\/a> |
\nDigg This<\/a> |
\nReddit This<\/a>\n<\/div>\n

<\/p>\n

TAGS:<\/strong> bugzilla<\/a>, Mozilla<\/a>, RSA<\/a><\/span>
\n<\/small><\/div>\n
\n
\nAnnouncement:<\/strong> Missing Mobile News in the Main RSS Feed? We have decided to remove the mobile content from the main feed, please subscribe to our dedicated Mobile News RSS Feed<\/a> at http:\/\/feeds.techie-buzz.com\/techiemobile<\/a>. Thank you for your understanding.<\/font><\/p>\n<\/div>\n
\nRSA Security 1024 V3: The Unclaimed Root Certificate Mayhem in Firefox<\/a> originally appeared on Techie Buzz<\/a> written by Chinmoy Kanjilal on Thursday 8th April 2010 04:15:59 AM. Please read the Terms of Use<\/a> for fair usage guidance. <\/div>\n

<\/p>\n

Don’t miss these Related Posts:<\/h2>\n