French government goes NSA

Google claims to have caught France’s cyberdefence division, Agence nationale de la sécurité des systèmes d’information (ANSSI), red handed in the act of spoofing digital certificates for Google domains.

In a blog post, Google says ANSSI acted on a flaw which permits trusted sources to perform “man in the middle” interceptions of SSL/HTTPS encrypted internet traffic.

While ANSSI blames human error, Google is using the episode to highlight the company’s Certificate Transparency project, aimed at updating the underlying SSL certificate system that enables website spoofing and man in the middle attacks, techniques also used by the NSA.