Home > slashdot > Mozilla Debates Whether To Trust Chinese CA

Mozilla Debates Whether To Trust Chinese CA

February 17th, 2010 02:02 admin Leave a comment Go to comments

At his Freedom to Tinker blog, Ed Felten has a thoughtful, accessible piece on the debate at Mozilla about whether Firefox, by default, should trust a Chinese certificate authority (as it has since October). Felten explains in clear language why this is significant, and therefore controversial. An excerpt: “To see why this is worrisome, let’s suppose, just for the sake of argument, that CNNIC were a puppet of the Chinese government. Then CNNIC’s status as a trusted CA would give it the technical power to let the Chinese government spy on its citizens’ ‘secure’ web connections. If a Chinese citizen tried to make a secure connection to Gmail, their connection could be directed to an impostor Gmail site run by the Chinese government, and CNNIC could give the impostor a cert saying that the government impostor was the real Gmail site.”

Source: Mozilla Debates Whether To Trust Chinese CA

Related Articles:

  1. Mozilla Accepts Chinese CNNIC Root CA Certificate
  2. Mozilla Is Considering Revoking TeliaSonera Trust For Sales To Dictators
  3. Can You Trust Chinese Computer Equipment?
  4. Was Eich a Threat To Mozilla’s $1B Google “Trust Fund”?
  5. EFF Asks Verizon Whether Etisalat Deserves CA Trust
blog comments powered by Disqus