NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Critics slam SSL authority for minting certificate for impersonating sites

Critics slam SSL authority for minting certificate for impersonating sites

http://j.mp/AiV7m2  (ars technica)

    "While that interception may have been performed for a legitimate
    purpose, and the employees of the IT enterprise engaging in this
    activity may have been told about it by their employer, it doesn't
    change the fact that Trustwave's cert was used to impersonate sites,"
    one of the critics, Christopher Soghoian, wrote in an e-mail to Ars.
    "This is a big no no, and violates Mozilla's CA rules."  Soghoian is
    among the members of the online discussion who are calling on Mozilla
    to revoke its trust in the Trustwave root. The controversy was sparked
    after Trustwave recently admitted issuing the certificate, and
    promised to revoke it and abandon the practice in light of a recent
    rash of attacks on certificate authorities. It was the first known
    instance of an authority admitting to issuing such a key, although
    critics maintain the practice is common.  In a statement, Firefox
    director of engineering Johnathan Nightingale said Mozilla managers
    have yet to decide whether to banish Trustwave.

 - - -

The PKI appears to be something of a slow speed train wreck.

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org 
 - Network Neutrality Squad: http://www.nnsquad.org 
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
 - PRIVACY Forum: http://www.vortex.com 
Member: ACM Committee on Computers and Public Policy
Blog: http://lauren.vortex.com 
Google+: http://vortex.com/g+lauren 
Twitter: https://twitter.com/laurenweinstein 
Tel: +1 (818) 225-2800 / Skype: vortex.com

nnsquad mailing list