Mozilla will ask all certificate authorities to revoke SSL-spying certificates
Mozilla plans to ask all certificate authorities to review their subordinate CA certificates and revoke those that could be used by companies to inspect SSL (Secure Sockets Layer)-encrypted traffic for domain names they don't control.
The plan, whose details are still being worked out, is Mozilla's response to Trustwave's recent claim that the use of such certificates for SSL traffic management within corporate networks is a common practice. After a week of debating whether to punish Trustwave for violating the Mozilla CA Certificate Policy, Mozilla has decided to send a communication to all certificate authorities asking them to come clean about similar certificates and to revoke them.
"My intent is to make it clear that this type of behavior will not be tolerated for subCAs chaining to roots in NSS [Mozilla's Network Security Services], give all CAs fair warning and a grace period, and state the consequences if such behavior is found after that grace period," said Kathleen Wilson, the owner of Mozilla's CA Certificates Module, in an entry on Bugzilla.