Critics claimed that Trustwave had enabled its client to issue arbitrary SSL certificates for any domain - this is in violation of Mozilla's policy against "knowingly issuing certificates without the knowledge of the entities whose information is referenced in the certificates". Trustwave sold a certificate knowing that it would be used in man-in-the-middle eavesdropping of encrypted information, an insecure practice that it ought to have never used in the first place.

[theregister.co.uk...]
Lengthy article