On 23.02.15 22:39, John Nagle wrote:
> With the Lenovo and Comodo disclosures, the restrictions
> on loading new certificates into Firefox clients need to be tightened.
The MITM adware/malware was installed via the Windows Certificate Store and not
into browsers, so I cannot follow your conclusion.
My conclusion is that, after the 2011 incident[*] and now PrivDog,
Comodo cannot be trusted and their Root Certificates need to be removed
from browsers.
We still need to be able to install (in a controlled way) our own,
self-signed certificates for our own CAs into browsers and operating
systems. CAcert is one example. And besides our public CA, Fraunhofer
uses a private, self-signed CA in a well-regulated way, for example for
less sensitive, internal authentication. And last but not least, I
personally use a private one myself to give family members and friends
authenticated access to a private server.
Regards, JC
[*]
https://nakedsecurity.sophos.com/2011/03/24/fraudulent-certificates-issued-by-comodo-is-it-time-to-rethink-who-we-trust/
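The private, purpose-limited CA JC describes above (one trust anchor used only for authenticating family members and friends to one server, never added to the platform store as a general root) can be built with Go's standard crypto/x509 package. The following is an added example and is not code from this thread, from CAcert or from Fraunhofer; the CA names, the user "alice", the host name "files.home.example" and the validity periods are assumptions made for illustration. It creates a self-signed CA whose extended key usage is restricted to client authentication, issues a client certificate under it, and then verifies the certificate against a pool that contains only that CA. Two negative cases are shown as well: a certificate from a different private CA is rejected, and a server certificate issued by the client-only CA fails server-auth verification because Go checks that every certificate in the chain, the anchor included, permits the requested usage.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// privateCA bundles a self-signed CA certificate with its signing key.
// Names and validity periods in this file are assumptions for the example.
type privateCA struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// randomSerial returns a 128-bit random serial number. Reusing serials under
// one issuer is a common private-CA mistake that breaks revocation and caching.
func randomSerial() (*big.Int, error) {
	return rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
}

// newPrivateCA creates a self-signed CA whose extended key usage is limited to
// the listed purposes, so the anchor cannot be turned into a general root.
func newPrivateCA(name string, purposes []x509.ExtKeyUsage) (*privateCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := randomSerial()
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.AddDate(5, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		MaxPathLenZero:        true, // no sub-CAs may be chained under this anchor
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		ExtKeyUsage:           purposes,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &privateCA{cert: cert, key: key}, nil
}

// issue signs a leaf certificate for subject cn with the requested purposes.
// The leaf key is generated here for brevity; in practice the user generates
// it and submits a CSR so the CA never holds the private key.
func (c *privateCA) issue(cn string, purposes []x509.ExtKeyUsage) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := randomSerial()
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.AddDate(1, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  purposes,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, c.cert, &key.PublicKey, c.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verify validates leaf for one purpose against only the given anchors.
// The system store is never consulted: the private CA is trusted by this
// application alone, not installed as a platform-wide root.
func verify(leaf *x509.Certificate, purpose x509.ExtKeyUsage, anchors ...*x509.Certificate) error {
	roots := x509.NewCertPool()
	for _, a := range anchors {
		roots.AddCert(a)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{purpose}})
	return err
}

func main() {
	clientOnly := []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	family, _ := newPrivateCA("Family CA", clientOnly)
	other, _ := newPrivateCA("Other CA", clientOnly)
	alice, _ := family.issue("alice", clientOnly)
	srv, _ := family.issue("files.home.example", []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth})
	fmt.Println("alice as client, Family CA trusted:", verify(alice, x509.ExtKeyUsageClientAuth, family.cert))
	fmt.Println("alice as client, Other CA trusted: ", verify(alice, x509.ExtKeyUsageClientAuth, other.cert))
	fmt.Println("server cert from client-only CA:   ", verify(srv, x509.ExtKeyUsageServerAuth, family.cert))
}
```

The first call returns nil and the other two return errors. The EKU-on-the-anchor check is how Go's verifier behaves; other TLS stacks and browsers differ in whether they honour extended key usage on roots and intermediates, so when relying on this kind of scoping for a CA installed into a browser or OS store, confirm the behaviour of each platform you deploy it to rather than assuming it.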
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy