lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4F458602.1070803@mozilla.com>
Date: Wed, 22 Feb 2012 16:19:14 -0800
From: Al Billings <abillings@...illa.com>
To: noloader@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Trustwave and Mozilla (Resolved)

Hello,

They weren't rewarded. They were not punished for voluntarily coming
forward and reporting the problem to Mozilla. Punishing them for doing
so would only convince others not to come forward in the future. This
has triggered a policy change and announcements to CA, if you've
followed Mozilla's security policy discussions and these *will* result
in people being removed for such behavior in the future.

Hyperbole serves no real purpose here.

 Al

On 02/22/2012 04:12 PM, Jeffrey Walton wrote:
> It appears to be official.
>
> Trustwave issued MitM certificates, which is deceptive, unethical, and
> contrary to its agreement for inclusion.
>
> Mozilla just rewarded their violations of trust by continuing their
> inclusion. Apparently, agreements between Mozilla and CAs have no
> veracity as both are more than happy to violate the end user.
>
> Original Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=724929
> NSS and Firefox Update: https://bugzilla.mozilla.org/show_bug.cgi?id=728617
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


-- 
Al Billings
Mozilla Security

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ