Digital certificate authority RSA Security on Tuesday acknowledged it issued
a root authentication credential shipped in in the Mac operating system and
Mozilla web browsers and email programs, ending four days of confusion about who
controlled the ultra-sensitive document.
The "RSA Security 1024 V3" certificate is a master credential that can be
used to digitally validate the certificates of an unlimited number of websites
and email servers. It's one of several dozen "certificate authority certificates"
that by default are shipped with Mac OS X and Mozilla's Firefox browser and
Thunderbird email client. It's valid from 2001 to 2026.
But until a few minutes after this article was first published, no one knew
who issued or controlled the credential. Both RSA and competing certificate
issuer VeriSign previously said it wasn't theirs.