Welcome to WebmasterWorld Guest from 54.145.173.36

Forum Moderators: incrediBILL

Message Too Old, No Replies

Trustwave released SSL skeleton key, Moz Unhappy

   
10:36 am on Feb 14, 2012 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



Critics claimed that Trustwave had enabled its client to issue arbitrary SSL certificates for any domain - this is in violation of Mozilla's policy against "knowingly issuing certificates without the knowledge of the entities whose information is referenced in the certificates". Trustwave sold a certificate knowing that it would be used in man-in-the-middle eavesdropping of encrypted information, an insecure practice that it ought to have never used in the first place.

[theregister.co.uk...]
Lengthy article