[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Trustwave and Mozilla (Resolved)
- To: noloader@xxxxxxxxx
- Subject: Re: [Full-disclosure] Trustwave and Mozilla (Resolved)
- From: Al Billings <abillings@xxxxxxxxxxx>
- Date: Wed, 22 Feb 2012 16:19:14 -0800
Hello,
They weren't rewarded. They were not punished for voluntarily coming
forward and reporting the problem to Mozilla. Punishing them for doing
so would only convince others not to come forward in the future. This
has triggered a policy change and announcements to CA, if you've
followed Mozilla's security policy discussions and these *will* result
in people being removed for such behavior in the future.
Hyperbole serves no real purpose here.
Al
On 02/22/2012 04:12 PM, Jeffrey Walton wrote:
> It appears to be official.
>
> Trustwave issued MitM certificates, which is deceptive, unethical, and
> contrary to its agreement for inclusion.
>
> Mozilla just rewarded their violations of trust by continuing their
> inclusion. Apparently, agreements between Mozilla and CAs have no
> veracity as both are more than happy to violate the end user.
>
> Original Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=724929
> NSS and Firefox Update: https://bugzilla.mozilla.org/show_bug.cgi?id=728617
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
--
Al Billings
Mozilla Security
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/