Closed Bug 724942 Opened 12 years ago Closed 12 years ago

Remove Trustwave SecureTrust CA due to selling Certificates for MITM attacks

Categories

(CA Program :: CA Certificate Root Program, task)

Product:
CA Program
Component:
CA Certificate Root Program
Platform:
x86
Windows 7
Type:
task
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 724929

People

(Reporter: Matti, Assigned: kathleen.a.wilson)

Details

This company sold a Certificate that allowed a MITM attack.

They assure that they will not do that again in the future but this is a fundamental breach of trust that should lead to a removing of their root CA in the Mozilla root store.
You may argue that many companies are installing their own root certificate in the browsers that are used inside their company that allows basically the same MITM but this case is different since a user of that affected network will assume that a encrypted connection from his own hard/software is secure.

Their press release:
http://blog.spiderlabs.com/2012/02/clarifying-the-trustwave-ca-policy-update.html
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Product: mozilla.org → NSS
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.