TrustCor Certificate Authority - Not to be trusted

[shep]

In the culturing an illusion of trust category

From the GrapheneOS Changelog:

Quote:

2022111000

Tags:

TP1A.221005.002.2022111000 (Pixel 4, Pixel 4 XL) — extended support release for legacy devices with frozen 2022-10-05 patch level
TP1A.221105.002.2022111000 (Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, emulator, generic, other targets)
TD1A.221105.001.2022111000 (Pixel 7, Pixel 7 Pro)

Changes since the 2022110800 release:

remove TrustCor Certificate Authority due to malicious domain squatting and ties to entites involved in surveillance which should have very little impact on web compatibility due to this CA barely being used by anyone other than a specific dynamic DNS provider
ignore wireless alert channels being marked as always-on to prevent channel configuration overriding presidential alert toggle
GmsCompatConfig: change app label from "GmsCompat config" to "GmsCompatConfig"
GmsCompatConfig: disable TelecomTaskService to resolve sandboxed Google Play services crash caused by feature flag
kernel (Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a): update base kernel to Android 13 QPR1 Beta 3 to ship the December security update early
Vanadium: update Chromium base to 107.0.5304.105

And the well documented, academic presentation of the evidence:
https://groups.google.com/a/mozilla..../c/oxX69KFvsm4

[jggimi]

The trailing "e" in the thread title added some confusion for me. The CA's name is "TrustCor" -- no "e".

[shep]

I'm unable to correct the spelling in the News list - ?Moderator intervention?

On my current system:

Code:

less /etc/ssl/cert.pem | grep TrustCor
### TrustCor Systems S. de R.L.
=== /C=PA/ST=Panama/L=Panama City/O=TrustCor Systems S. de R.L./OU=TrustCor Certificate Authority/CN=TrustCor ECA-1
        Subject: C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor ECA-1
=== /C=PA/ST=Panama/L=Panama City/O=TrustCor Systems S. de R.L./OU=TrustCor Certificate Authority/CN=TrustCor RootCert CA-1
        Subject: C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor RootCert CA-1
=== /C=PA/ST=Panama/L=Panama City/O=TrustCor Systems S. de R.L./OU=TrustCor Certificate Authority/CN=TrustCor RootCert CA-2
        Subject: C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor RootCert CA-2

[jggimi]

It's already been mentioned on tech@. With the misspelling.

What I know -- just as a user -- is that the OS's certificate list is generally synced with Mozilla, who -- according to the public discussion thread you linked -- have giving this CA until November 22 to address concerns.

[shep]

Trade you the "e" in TrustCore for the "ing" in giving.

[jggimi]