Welcome to WebmasterWorld Guest from 54.167.76.176

Forum Moderators: incrediBILL

Message Too Old, No Replies

Trustwave released SSL skeleton key, Moz Unhappy

     

tangor

10:36 am on Feb 14, 2012 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



Critics claimed that Trustwave had enabled its client to issue arbitrary SSL certificates for any domain - this is in violation of Mozilla's policy against "knowingly issuing certificates without the knowledge of the entities whose information is referenced in the certificates". Trustwave sold a certificate knowing that it would be used in man-in-the-middle eavesdropping of encrypted information, an insecure practice that it ought to have never used in the first place.

[theregister.co.uk...]
Lengthy article
 

Featured Threads

Hot Threads This Week

Hot Threads This Month