On Sun, Dec 8, 2013 at 6:14 PM, andrew cooke <[email protected]> wrote: > Despite it being used on a private network, and with user consent, it is > reportedly a violation of procedures. Google classify it as a "serious > breach".
First, it doesn't matter how Google classifies the violation, as it is a private company that does not hold any definitive authority on the matter, regardless of whatever spin they try to put on their blog posts. Now, it's possible that the French can't be trusted with properly handling intermediate CAs, and that as a result ANSSI should be held responsible and have its IGC/A root certificates [1–2] revoked from browsers' trusted stores, but it doesn't mean that the incident is some case of a government agency trying to covertly spy on citizens or employees. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=477147 [2] https://bugzilla.mozilla.org/show_bug.cgi?id=693450 -- Maxim Kammerer Liberté Linux: http://dee.su/liberte -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
