Mozilla will ask all certificate authorities to revoke SSL-spying certificates

posted on February 15, 2012
by l33tdawg

Mozilla plans to ask all certificate authorities to review their subordinate CA certificates and revoke those that could be used by companies to inspect SSL (Secure Sockets Layer)-encrypted traffic for domain names they don't control.

The plan, whose details are still being worked out, is Mozilla's response to Trustwave's recent claim that the use of such certificates for SSL traffic management within corporate networks is a common practice. After a week of debating whether to punish Trustwave for violating its CA Certificate Policy, Mozilla has decided to send out a communication to all certificate authorities requesting them to come clean about similar certificates and to revoke them.

"My intent is to make it clear that this type of behavior will not be tolerated for subCAs chaining to roots in NSS [Mozilla's Network Security Services], give all CAs fair warning and a grace period, and state the consequences if such behavior is found after that grace period," said Kathleen Wilson, the owner of Mozilla's CA Certificates Module, in an entry on Bugzilla.
