Skip to main content

Mozilla considers removing Trustwave CA

posted onFebruary 9, 2012
by l33tdawg

Scandalised by the snooping certificate issued by Trustwave, a heise Security reader, Sebastian Wiesinger, has submitted a report to Mozilla's bug database in which he requests that Trustwave's root certificates be removed from all Mozilla products. Mozilla's Kathleen Wilson, who handles the issue, has accepted the submission and requested a statement from Trustwave. Trustwave's Brian Trzupek has already announced the release of further information which, he says, is still waiting for internal approval.

Yesterday, The H's associates at heise Security reported on the first publicly known case in which a widely accepted Certificate Authority sold a root certificate for surveillance purposes. Although Trustwave has said that the case was a one-off, that any misuse was impossible and that the certificate in question has since been revoked, critics think that the issuer has violated the Mozilla CA Certificate Policy. Among other things, this policy states that CAs must not knowingly issue certificates without the knowledge of the entities whose information is referenced in the certificates.

Source

Tags

Mozilla CA Security

Recent News

Tuesday, November 14th

Sunday, November 12th

Friday, November 10th

Wednesday, November 8th

Monday, November 6th