Of course I'm also afraid that this is indeed a MITM attack against Iranian users.
With SSL certs that cost less than $15 you can expect that things cannot be thoroughly checked; however, a Wildcard DigiNotar SSL cert costs you € 750 a year (in a 4 year contract http://diginotar.nl/OnlinePrijsindicatie/tabid/1417/Default....), so you would expect that these things would not be possible.
If, however, they hacked the root CA, it's even more scary; also Vasco (the mother company) makes virtually every two-factor authentication used for Dutch banking.
Scary indeed. Also responsible for authentication of DigiD, online taxes, pension funds, Chamber of Commerce, Ministry of Security and Justice, local governments, etc.
Didn't check it myself, but apparently DigiD for instance is on a different CA/root. DigiD is the Dutch "unified account" for all online government services: you can take out student loans, submit taxes, etc.
From what I can see:
- Google Search & Google+ (https://encrypted.google.com/ https://plus.google.com/) are using a *.google.com from GeoTrust/Google Internet Authority
- Google Mail (https://www.google.com/accounts/) is using a www.google.com from VeriSign/Thawte
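The observations above amount to a small "expected issuer" policy: for a given hostname, only certain CAs should be signing the leaf certificate, and a wildcard name only covers one label. As an added example (not code from this thread or from any of the commenters), the following script encodes that check: RFC 6125-style wildcard matching plus an issuer allowlist, run over a few constructed observations. The policy table, the `Observation` records and the issuer names are assumptions built from the thread, not an authoritative list.

```python
"""Check observed TLS leaf certificates against an expected-issuer policy.

Added example, not from the thread. The policy and observations below are
constructed for illustration; in practice they would come from a pinning
configuration and from connection logs.
"""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Observation:
    hostname: str     # host the client connected to
    subject_cn: str   # name in the presented leaf cert (may be a wildcard)
    issuer: str       # organisation that signed the leaf


# Constructed policy: which issuing organisations are expected for which
# name patterns (derived from the thread's observations, assumption only).
EXPECTED_ISSUERS: Dict[str, Set[str]] = {
    "*.google.com": {"GeoTrust", "Google Internet Authority"},
    "www.google.com": {"VeriSign", "Thawte"},
}


def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style matching: '*' may replace only the whole left-most label.

    '*.google.com' matches 'plus.google.com' but not 'google.com' and not
    'a.b.google.com'.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[1:]                 # ".google.com"
    if not hostname.endswith(suffix):
        return False
    left = hostname[: -len(suffix)]      # the part the '*' would stand for
    return bool(left) and "." not in left


def expected_for(hostname: str) -> Set[str]:
    """Union of allowed issuers from every policy entry that matches the host."""
    allowed: Set[str] = set()
    for pattern, issuers in EXPECTED_ISSUERS.items():
        if name_matches(pattern, hostname):
            allowed |= issuers
    return allowed


def check(obs: Observation) -> List[str]:
    """Return findings for one observation; an empty list means it fits the policy."""
    findings: List[str] = []
    if not name_matches(obs.subject_cn, obs.hostname):
        findings.append(
            f"name mismatch: cert for {obs.subject_cn} presented for {obs.hostname}")
    allowed = expected_for(obs.hostname)
    if not allowed:
        findings.append(f"no policy for {obs.hostname}; cannot judge issuer {obs.issuer!r}")
    elif obs.issuer not in allowed:
        findings.append(
            f"unexpected issuer {obs.issuer!r} for {obs.hostname}; "
            f"expected one of {sorted(allowed)}")
    return findings


# Constructed observations: the first two mirror the thread's normal case,
# the third is the kind of mismatch a rogue wildcard cert would produce.
SAMPLE_OBSERVATIONS = [
    Observation("plus.google.com", "*.google.com", "GeoTrust"),
    Observation("www.google.com", "www.google.com", "Thawte"),
    Observation("mail.google.com", "*.google.com", "DigiNotar"),
    Observation("google.com", "*.google.com", "GeoTrust"),
]


def run_demo() -> Dict[str, List[str]]:
    """Run the policy over the sample observations, keyed by hostname."""
    return {obs.hostname: check(obs) for obs in SAMPLE_OBSERVATIONS}


if __name__ == "__main__":
    for host, findings in run_demo().items():
        print(host, "OK" if not findings else findings)
```

The union in `expected_for` is deliberate: the thread shows Google using more than one CA, so a host covered by both a wildcard entry and an exact entry accepts either set. The bare-domain case shows the other side of the check: a `*.google.com` cert presented for `google.com` is rejected on name grounds before the issuer is even considered.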