Hello, They weren't rewarded. They were not punished for voluntarily coming forward and reporting the problem to Mozilla. Punishing them for doing so would only convince others not to come forward in the future. This has triggered a policy change and announcements to CA, if you've followed Mozilla's security policy discussions and these *will* result in people being removed for such behavior in the future.
Hyperbole serves no real purpose here. Al On 02/22/2012 04:12 PM, Jeffrey Walton wrote: > It appears to be official. > > Trustwave issued MitM certificates, which is deceptive, unethical, and > contrary to its agreement for inclusion. > > Mozilla just rewarded their violations of trust by continuing their > inclusion. Apparently, agreements between Mozilla and CAs have no > veracity as both are more than happy to violate the end user. > > Original Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=724929 > NSS and Firefox Update: https://bugzilla.mozilla.org/show_bug.cgi?id=728617 > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -- Al Billings Mozilla Security _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
