A
A
afunix2015-02-22 19:33:26
Digital certificates
afunix, 2015-02-22 19:33:26

The GblNet backbone provider forges certificates. What to do with it?

Good afternoon.

The last six months I noticed that browsers began to swear at the certificates of some sites.
I was especially worried when the Synology NAS refused to download updates due to the fact that the CommonName of the certificate for their HTTPS site did not match the domain name.
The certificate was self-signed and issued by gblnet.ru

Now again I came across a fake certificate to https://opencryptoaudit.org/
Now CommonName is correct, but CA is not.
The certificate for ssl6490.cloudflare.com signed by gblnet.ru is shown.
Here are the certificates:
https://db.tt/8QrRIlwB
https://db.tt/XCzSNt9M

Technical support does not want to communicate with me, they just ignore me.
The technical support of my provider (line-r.ru) has not responded to the request for several months.
There is no guarantee that by changing the provider I will not run into the same gblnet.
Now when I see problems like this, I open Tor and add a route through the VPN.
However, I would like the certificates of these figures to be blacklisted by popular browsers.

Where can I post fake certificates?
What can be done about it administratively? Now the actions of gblnet.ru look like a scam.

Answer the question

In order to leave comments, you need to log in

3 answer(s)
O
oia, 2015-02-22
@oia

Nag.Ru on the forum ask a question, maybe networkers and they will tell you what to do next

V
Vyacheslav Barsukov, 2015-02-23
@slavabars

It is necessary to write a complaint against the provider and revoke the license.

P
philpirj, 2016-04-02
@philpirj

I will answer with a quote from the answer of Roskomnadzor:

Your request regarding the replacement of the original TLS certificate by the Internet provider Liner (communications operator INFOTECH LLC), received by the Roskomnadzor Administration for the North-Western Federal District from the official website (input No. **** dated March 22, 2016), has been considered.
Communication services on the territory of the Russian Federation are provided by telecom operators on the basis of an agreement on the provision of communication services, concluded in accordance with civil law and the rules for the provision of communication services.
The rules for the provision of telematic communication services, approved by Decree of the Government of the Russian Federation of September 10, 2007 No. 575, regulating the relationship between users of communication services and telecom operators in the performance of a contract for the provision of communication services, their rights and obligations, do not provide for the situation described in your appeal.
There are no violations of the legislation of the Russian Federation in the field of communications by INFOTECH LLC (Liner).
We also inform you that in accordance with the "Regulations on the Federal Service for Supervision in the Sphere of Communications, Information Technology and Mass Communications", approved by the Decree of the Government of the Russian Federation of March 16, 2009 No. 228, consideration of violations when using TLS protocols to ensure secure data transfer between nodes in the Internet is not within the powers of Roskomnadzor.
At the same time, paragraphs 4, 7, 9 of Article 55 of the Federal Law of July 7, 2003 No. 126-FZ “On Communications” provide that in the event of non-fulfillment or improper fulfillment of obligations arising from the contract for the provision of communication services, the user of communication services before contacting submits a claim to the telecom operator in writing to the court.

In fact, the RKN confirmed that TLS MiTM is legal, at least for telecom operators.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question