RSA Security 1024 V3: The Unclaimed Root Certificate Mayhem in Firefox
By on April 8th, 2010

Mozilla security saw a new bug-report filed at bugzilla reporting an unclaimed RSA root certificate. The certificate goes by the name of RSA Security 1024 V3. Both Verisign and RSA have declined ownership of this certificate.

Kathleen Wilson, an active Consultant at Mozilla Corporation has been actively digging through Mozilla security issues. He writes at this Mozilla security Google group saying,

I propose that the “RSA Security 1024 V3″ root certificate authority be
removed from NSS.

OU = RSA Security 1024 V3
O = RSA Security Inc
Valid From: 2/22/01
Valid To: 2/22/26
SHA1 Fingerprint:
3C:BB:5D:E0:FC:D6:39:7C:05:88:E5:66:97:BD:46:2A:BD:F9:5C:76

I have not been able to find the current owner of this root. Both RSA
and VeriSign have stated in email that they do not own this root.

This issue got everyone worried about this being a rouge certificate. However, later Wilson assured the certificate’s origin by saying,

I have received email from official representatives of RSA confirming
that RSA did indeed create the “RSA Security 1024 V3″ root certificate
that is currently included in NSS (Netscape/Mozilla) and also in Apple’s
root cert store.

He also added that that RSA has since, dropped the root certificate and so should Mozilla. In another mail from RSA, it was told that the private key for this root was safe with RSA. This assures that this flaw was not exploited and now the certificate will be removed from NSS (Network Security Services).

[ Via: LinuxToday ]

Tags:
Author: Chinmoy Kanjilal Google Profile for Chinmoy Kanjilal
Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.

Chinmoy Kanjilal has written and can be contacted at chinmoy@techie-buzz.com.

Leave a Reply

Name (required)

Website (optional)

 
 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN