Full Disclosure mailing list archives
Re: Trustwave and Mozilla (Resolved)
From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 22 Feb 2012 19:35:02 -0500
On Wed, Feb 22, 2012 at 7:19 PM, Al Billings <abillings () mozilla com> wrote:
Hello, They weren't rewarded. They were not punished for voluntarily coming forward and reporting the problem to Mozilla. Punishing them for doing so would only convince others not to come forward in the future. This has triggered a policy change and announcements to CA, if you've followed Mozilla's security policy discussions and these *will* result in people being removed for such behavior in the future. Hyperbole serves no real purpose here.
The previous was a statement of facts. "Inmates running the asylum" is hyperbole. If you find you are sensitive to the position taken, it could indicate you took the wrong position. Jeff
On 02/22/2012 04:12 PM, Jeffrey Walton wrote:It appears to be official. Trustwave issued MitM certificates, which is deceptive, unethical, and contrary to its agreement for inclusion. Mozilla just rewarded their violations of trust by continuing their inclusion. Apparently, agreements between Mozilla and CAs have no veracity as both are more than happy to violate the end user. Original Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=724929 NSS and Firefox Update: https://bugzilla.mozilla.org/show_bug.cgi?id=728617 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-- Al Billings Mozilla Security
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Trustwave and Mozilla (Resolved) Jeffrey Walton (Feb 22)
- Re: Trustwave and Mozilla (Resolved) decoder (Feb 22)
- Re: Trustwave and Mozilla (Resolved) Jeffrey Walton (Feb 22)
- Re: Trustwave and Mozilla (Resolved) Al Billings (Feb 23)
- Re: Trustwave and Mozilla (Resolved) Jeffrey Walton (Feb 22)
- Re: Trustwave and Mozilla (Resolved) Wesley Kerfoot (Feb 23)
- Re: Trustwave and Mozilla (Resolved) Ramo (Feb 24)
- Re: [funsec] Trustwave and Mozilla (Resolved) David C Frier (Feb 24)
- Re: [funsec] Trustwave and Mozilla (Resolved) Marcus Meissner (Feb 24)
- Re: Trustwave and Mozilla (Resolved) decoder (Feb 22)