Mozilla has announced
that it has sent a
to all of its recognized certificate authorities about the
practice of issuing subordinate root certificates for man-in-the-middle
attacks. Such use, they say, is not acceptable.
"In addition to this clarification, we have made several requests. We
have requested that any such certificates be revoked, and their HSMs
destroyed. We have requested the serial numbers of those certificates and
fingerprints of their signing roots so that we, and other relying parties,
can detect and distrust these subCA certificates if encountered. We have
requested that any CAs who have issued subCA certificates fulfill these
requests no later than April 27, 2012."