Welcome to WebmasterWorld Guest from 54.147.63.124

Forum Moderators: incrediBILL

Message Too Old, No Replies

Trustwave released SSL skeleton key, Moz Unhappy

     
10:36 am on Feb 14, 2012 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:6153
votes: 284


Critics claimed that Trustwave had enabled its client to issue arbitrary SSL certificates for any domain - this is in violation of Mozilla's policy against "knowingly issuing certificates without the knowledge of the entities whose information is referenced in the certificates". Trustwave sold a certificate knowing that it would be used in man-in-the-middle eavesdropping of encrypted information, an insecure practice that it ought to have never used in the first place.

[theregister.co.uk...]
Lengthy article
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members