Welcome to WebmasterWorld Guest from

Forum Moderators: incrediBILL

Message Too Old, No Replies

Trustwave released SSL skeleton key, Moz Unhappy



10:36 am on Feb 14, 2012 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

Critics claimed that Trustwave had enabled its client to issue arbitrary SSL certificates for any domain - this is in violation of Mozilla's policy against "knowingly issuing certificates without the knowledge of the entities whose information is referenced in the certificates". Trustwave sold a certificate knowing that it would be used in man-in-the-middle eavesdropping of encrypted information, an insecure practice that it ought to have never used in the first place.

Lengthy article

Featured Threads

Hot Threads This Week

Hot Threads This Month