Remove Trustwave SecureTrust CA due to selling Certificates for MITM attacks

RESOLVED DUPLICATE of bug 724929

Status

NSS
CA Certificate Root Program
--
critical
RESOLVED DUPLICATE of bug 724929
5 years ago
a month ago

People

(Reporter: Matti, Assigned: Kathleen Wilson)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

5 years ago
This company sold a Certificate that allowed a MITM attack.

They assure that they will not do that again in the future but this is a fundamental breach of trust that should lead to a removing of their root CA in the Mozilla root store.
You may argue that many companies are installing their own root certificate in the browsers that are used inside their company that allows basically the same MITM but this case is different since a user of that affected network will assume that a encrypted connection from his own hard/software is secure.

Their press release:
http://blog.spiderlabs.com/2012/02/clarifying-the-trustwave-ca-policy-update.html
(Reporter)

Updated

5 years ago
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 724929

Updated

a month ago
Product: mozilla.org → NSS
You need to log in before you can comment on or make changes to this bug.