Re: digital signature certificates in Mauritius

From: Ish Sookun <ish_at_hacklog.in>
Date: Tue, 31 Mar 2015 20:16:35 +0400

On Tuesday 31 March 2015 05:44 PM, S Moonesamy wrote:

> The National Computer Board is the Local Agent for eMudhra CA.

Thank you for the info, SM.
I am quoting an email from 12 February 2015 which had contact_at_ncb.mu in
the recipient list.

On Thursday 12 February 2015 12:04 PM, Ish Sookun wrote:

> There is an advisory by Microsoft[1] notifying about the security
> breach. Another article[2] highlights the dangers.
>
> I checked the CCA Mauritius website and noticed a broken URL published
> at : https://www.cca.mu/emudhra_details.htm
>
> I downloaded the CA Certificate for eMudhra from the following link[3]
> and checked the cert details. I got the following :
>
> X509v3 Key Usage: critical
> Digital Signature, Certificate Sign, CRL Sign
> X509v3 Subject Key Identifier:
> 53:FD:7A:D2:8D:6D:70:E6:C0:2F:AE:90:8E:B8:30:BA:C6:C1:95:C8
> X509v3 Authority Key Identifier:
> keyid:E7:EA:20:92:B4:AD:20:60:C1:E8:A5:56:1E:12:02:A4:55:47:9A:FA
>
> X509v3 CRL Distribution Points:
>
> Full Name:
> URI:http://www.cca.mu/crl/cca.crl
>
> Authority Information Access:
> CA Issuers - URI:http://www.cca.mu/cacert/cca.cer
>
> However, the mentioned links are both broken. I find the current
> infrastructure to be weak & anyone on the web could mimic and pretend
> to be a Mauritian PKI. It is difficult to just believe the information
> published, especially in a situation where none of my emails and queries
> are answered (neither by CCA nor by ICTA).
>
> [1] https://technet.microsoft.com/en-us/library/security/2982792.aspx
> [2] https://casecurity.org/2014/07/24/unauthorized-certificate-issuance
> [3] https://www.cca.mu/cacert/eMudhra_foreign_ca.cer

I didn't find the National Computer Board showing an interest in
replying to that email.

Regards,
-- 
Ish Sookun
- Geek by birth, Linux by choice.
- I blog at HACKLOG.in.
https://twitter.com/IshSookun ^^ Do you tweet?
Received on Tue Mar 31 2015 - 16:16:56 PST
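
Added example, not part of the original message: a shell version of the check described in the quoted 12 February email, listing the CRL Distribution Point and Authority Information Access URIs in a certificate and reporting whether each one answers. The function names are hypothetical, the sample input is constructed from the extension lines quoted above, and the DER default for the `.cer` file is an assumption; it also handles OCSP entries, which the quoted certificate does not show.

```shell
#!/bin/sh
# Added example: audit the revocation/issuer URIs published in a certificate.
# Requires awk; audit_cert additionally needs openssl, curl and network access.

# cert_uris: read `openssl x509 -noout -text` output on stdin and print one
# "KIND URI" line per CRL Distribution Point or Authority Information Access URI.
cert_uris() {
    awk '
        /X509v3 CRL Distribution Points/ { sect = "CRL"; next }
        /Authority Information Access/   { sect = "AIA"; next }
        # Any other extension header, or the signature block, ends the section.
        /X509v3 [A-Za-z ]+:|Signature Algorithm:/ { sect = ""; next }
        sect != "" && match($0, /URI:[^ ]+/) {
            uri = substr($0, RSTART + 4, RLENGTH - 4)
            kind = sect
            if (sect == "AIA" && $0 ~ /OCSP/) kind = "OCSP"
            print kind, uri
        }
    '
}

# uri_status: print the HTTP status code for a URI (000 if nothing answered).
uri_status() {
    curl -s -o /dev/null -m 10 -w '%{http_code}' "$1" || true
}

# audit_cert FILE [DER|PEM]: print "KIND STATUS URI" for every URI found.
# A status other than 200 means relying parties cannot fetch the CRL or the
# issuer certificate, so revocation checking and chain building will fail.
audit_cert() {
    openssl x509 -in "$1" -inform "${2:-DER}" -noout -text | cert_uris |
    while read -r kind uri; do
        printf '%s %s %s\n' "$kind" "$(uri_status "$uri")" "$uri"
    done
}

# Constructed sample: the extension lines quoted in the message, laid out
# the way `openssl x509 -text` prints them.
SAMPLE='        X509v3 Key Usage: critical
            Digital Signature, Certificate Sign, CRL Sign
        X509v3 CRL Distribution Points:

            Full Name:
              URI:http://www.cca.mu/crl/cca.crl

        Authority Information Access:
            CA Issuers - URI:http://www.cca.mu/cacert/cca.cer
'
```

Run `audit_cert eMudhra_foreign_ca.cer` against a downloaded copy of the certificate; `printf '%s' "$SAMPLE" | cert_uris` shows the extraction step alone without touching the network.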
