Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, O=RTFM, Inc., OU=Widgets Division, CN=Test CA20010517
Validity
Not Before: May 17 16:01:14 2001 GMT
Not After : Dec 25 16:01:14 2006 GMT
Subject: C=US, O=RTFM, Inc., OU=Widgets Division, CN=Test
...
This is happening for customers of Comcast, Charter, and Cox (at least).
So, these actually are my certificates, distributed with an article
I wrote a few years back about how to program to OpenSSL,
but I'm certainly not intercepting people's email.
Obviously, this could be an attack, but you'd think an attacker
competent enough to capture connections to an ISP's mail
servers would manage to get a certificate that (1) isn't expired
and (2) doesn't have localhost in the name.
That said, it's hard to see how this could be a simple misconfiguration problem. My guess is that some server is shipping with these certificates as a default and the ISPs are neglecting to change them after they install the software. Pretty amazing it's this widespread, though.
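A check that an ISP's own monitoring (or a cautious mail client) could run against a server certificate, added here as an example and not code from the post: it parses the fields in the `openssl x509 -text` layout quoted above and flags the two defects the post calls out (expired, a localhost name that does not match the server) together with the test issuer and MD5 signature visible in the same dump. The certificate text, the expected host name and the clock value are constructed for the example.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the layout of `openssl x509 -text -noout`, built from
# the fields quoted in the post; the subject CN is set to localhost, which the
# post says these certificates carry.
SAMPLE_CERT_TEXT = """\
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, O=RTFM, Inc., OU=Widgets Division, CN=Test CA20010517
Validity
    Not Before: May 17 16:01:14 2001 GMT
    Not After : Dec 25 16:01:14 2006 GMT
Subject: C=US, O=RTFM, Inc., OU=Widgets Division, CN=localhost
"""
OPENSSL_DATE = "%b %d %H:%M:%S %Y %Z"  # e.g. "Dec 25 16:01:14 2006 GMT"

def parse_cert_text(text):
    """Map each 'Key: value' line of the dump to a dict entry ("Validity" has none)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def common_name(dn):
    """CN of a one-line DN. 'O=RTFM, Inc.' contains a comma, so a comma split
    would mangle the DN; match the CN attribute directly instead."""
    match = re.search(r"(?:^|,\s*)CN=([^,]*)", dn)
    return match.group(1).strip() if match else ""

def audit_cert(text, expected_host, now):
    """Return the reasons a client should reject this server certificate at time `now`."""
    f = parse_cert_text(text)
    findings = []
    not_after = datetime.strptime(f["Not After"], OPENSSL_DATE)
    if now > not_after.replace(tzinfo=timezone.utc):
        findings.append("expired")
    subject_cn = common_name(f["Subject"])
    if subject_cn.lower() != expected_host.lower():
        findings.append("name mismatch")      # e.g. localhost vs. the ISP's mail host
    if "localhost" in subject_cn.lower():
        findings.append("placeholder name")   # a shipped default, never meant for production
    if "test" in common_name(f["Issuer"]).lower():
        findings.append("test issuer")
    if f["Signature Algorithm"].lower().startswith("md5"):
        findings.append("md5 signature")
    return findings
```

Run with a real dump (`openssl s_client -connect host:port -starttls smtp | openssl x509 -text -noout`, both real OpenSSL commands) fed as `text`, the server's host name as `expected_host`, and `datetime.now(timezone.utc)` as `now`.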
Acknowledgement: Thanks to Danny McPherson for helping me make contact with the ISPs. Anyone with more information please contact me at ekr@rtfm.com.