Dissecting the GnuTLS Bug

Update: we now host a test server at gnutls.notary.icsi.berkeley.edu. See gnutls command lines below. The recent GnuTLS certificate verification bug made it possible to craft an arbitrary certificate in a way that GnuTLS would validate correctly against a...

The Tree of Trust

As we mentioned in our preceding blog posting, ICSI has been harvesting details about SSL connections and their contained certificates since the beginning of this year. We use the data to provide a notary service to the community, which can be used to retrieve...

Using the ICSI Certificate Notary

Today, we are happy to publicly announce the ICSI Certificate Notary. This service provides near real-time reputation information on a large number of TLS/SSL certificates seen in the wild, collected continuously by Bro at several partner network sites. The notary’s...