The consensus seems to be that Iran is poisoning intra-country connections to attach this certificate to gmail.com instead of the real certificate, so this would only be occurring where Iran controlled the network infrastructure. Since the certificate is signed by a trusted CA, no warning is provided to the user that the certificate may be unsafe.
GMail still shows a certificate issued by Thawte for me (in the USA).
>The consensus seems to be that Iran is poisoning intra-country connections
more precisely they can poison any traffic (CA-ed by Diginotar) that passes through the routers/wires under Iran's control, that can be anything what they have already hacked into before as well as just redirected traffic using BGP similar like this
GMail still shows a certificate issued by Thawte for me (in the USA).