NNSquad - Network Neutrality Squad
[ NNSquad ] Critics slam SSL authority for minting certificate for impersonating sites
Critics slam SSL authority for minting certificate for impersonating sites
http://j.mp/AiV7m2 (ars technica)
"While that interception may have been performed for a legitimate
purpose, and the employees of the IT enterprise engaging in this
activity may have been told about it by their employer, it doesn't
change the fact that Trustwave's cert was used to impersonate sites,"
one of the critics, Christopher Soghoian, wrote in an e-mail to Ars.
"This is a big no no, and violates Mozilla's CA rules." Soghoian is
among the members of the online discussion who are calling on Mozilla
to revoke its trust in the Trustwave root. The controversy was sparked
after Trustwave recently admitted issuing the certificate, and
promised to revoke it and abandon the practice in light of a recent
rash of attacks on certificate authorities. It was the first known
instance of an authority admitting to issuing such a key, although
critics maintain the practice is common. In a statement, Firefox
director of engineering Johnathan Nightingale said Mozilla managers
have yet to decide whether to banish Trustwave.
- - -
The PKI appears to be something of a slow speed train wreck.
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- Global Coalition for Transparent Internet Performance: http://www.gctip.org
- PRIVACY Forum: http://www.vortex.com
Member: ACM Committee on Computers and Public Policy
Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren
Twitter: https://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad