Hopefully this leads to an immediate removal of TrustWave from browser trust roots.
Trustwave admits issuing man-in-the-middle digital certificate (ComputerWorld)
Posted Feb 9, 2012 17:37 UTC (Thu) by josh (subscriber, #17465)
At a minimum, after clarifying their CA policy with an appropriate amount of "no really"s, CAs need re-validation against the new policy.
Posted Feb 9, 2012 17:47 UTC (Thu) by josh (subscriber, #17465)
Posted Feb 9, 2012 18:30 UTC (Thu) by JoeBuck (subscriber, #2330)
A possible alternative for authorities known to operate in this manner is to have a way of trusting the cert only within a particular domain, say *.mycompany.com.
Posted Feb 9, 2012 18:36 UTC (Thu) by josh (subscriber, #17465)
Posted Feb 9, 2012 17:40 UTC (Thu) by jimparis (subscriber, #38647)
It's not clear what that would accomplish. There are plenty of CAs out there that probably did the same thing, and it seems out of place to punish TrustWave for both proactively revoking these subordinate certificates, and for publicly admitting their existence. More useful might be to say "Every other CA must similarly revoke such certificates by Feb 15; we'll start looking, and if we find any violations after that point, your CA will be immediately removed from the browser trust root forever". But as you say, the fundamental model of CAs is flawed.
Posted Feb 10, 2012 2:23 UTC (Fri) by slashdot (guest, #22014)
Posted Feb 10, 2012 2:25 UTC (Fri) by slashdot (guest, #22014)
Posted Feb 10, 2012 13:56 UTC (Fri) by Aissen (subscriber, #59976)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.