Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Trustwave and Mozilla (Resolved)

From: Al Billings <abillings () mozilla com>
Date: Wed, 22 Feb 2012 16:19:14 -0800
Hello,

They weren't rewarded. They were not punished for voluntarily coming
forward and reporting the problem to Mozilla. Punishing them for doing
so would only convince others not to come forward in the future. This
has triggered a policy change and announcements to CA, if you've
followed Mozilla's security policy discussions and these *will* result
in people being removed for such behavior in the future.

Hyperbole serves no real purpose here.

 Al

On 02/22/2012 04:12 PM, Jeffrey Walton wrote:

It appears to be official.

Trustwave issued MitM certificates, which is deceptive, unethical, and
contrary to its agreement for inclusion.

Mozilla just rewarded their violations of trust by continuing their
inclusion. Apparently, agreements between Mozilla and CAs have no
veracity as both are more than happy to violate the end user.

Original Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=724929
NSS and Firefox Update: https://bugzilla.mozilla.org/show_bug.cgi?id=728617

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



-- 
Al Billings
Mozilla Security

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: