Is Big Giants like Google doing it right,when trying to do SSL Configuration?

Tell everybody, what you think about SafeSquid!
Speak your mind!
India aashish98
Posts: 5
Joined: Sat Aug 03, 2019 1:05 pm

Is Big Giants like Google doing it right,when trying to do SSL Configuration?

Post by aashish98 » Sat Aug 10, 2019 3:55 am

Hello All,
Recently, I came across this domain: www.youtube-nocookie.com in duckduckgo.com
which basically uses it for to play embeeded Videos
As you all know DuckDuckGo focus more on removing the tracking, so they use this Domain, this is my idea behind using youtube-nocookie in place of youtube.com
but anyways
it is good.
After this i tried DOMAIN: youtube-nocookie.com
which is also the same Domain
but what i saw was really strange
Google is a big Giant, It can buy a New Certificate for youtube-nocookie or it can add SAN to the Existing one.
Strange that they left with a Default Google.com certificate which actually does not has youtube-nocookie.com
Which i feel is wrong. but anyway it is not used by Google, so it is OKAY kind of of stuff.

but for me,it was something interesting.
so posted it

have a look at the POC.
image.png
image.png (20.54 KiB) Viewed 1412 times

clarity
Site Admin
Posts: 15
Joined: Tue Apr 23, 2019 12:28 pm

Re: Is Big Giants like Google doing it right,when trying to do SSL Configuration?

Post by clarity » Tue Aug 20, 2019 8:10 am

Google is using a certificate that includes *.youtube-nocookie.com in SAN (Subject Alternative Names) but does not include youtube-nocookie.com. Looks like the erratic certificate was issued recently by an versight. Terrible, yes. Even organisations considered to be "authoritative" can make such serious mistakes.

Post Reply