GlobalSign Statement

the recent Comodo compromise.

 

On March 23 2011, the Certification Authority Comodo announced it had mis-issued 9 SSL Certificates to high profile websites including:

* login.live.com
* mail.google.com
* www.google.com
* login.yahoo.com (3 certificates)
* login.skype.com
* addons.mozilla.org

The Certificates were issued through one of its unnamed Registration Authority (RA) Partners who had been given transferrable trust rights to issue publicly trusted SSL Certificates.

 
The fraudulent Certificates have since been revoked, however due to the high profile nature of the mis-issued Certificates, Microsoft, Google and Mozilla have issued browser updates to hardcode the revocation status of the Certificates into the browsers.  We advise all GlobalSign customers to update their browsers immediately.

This is a very serious compromise of unprecedented scale.