Open Source and information security mailing list archives
 
Date: Wed, 22 Feb 2012 16:19:14 -0800
From: Al Billings <abillings@...illa.com>
To: noloader@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Trustwave and Mozilla (Resolved)

Hello,

They weren't rewarded. They were not punished for voluntarily coming
forward and reporting the problem to Mozilla. Punishing them for doing
so would only convince others not to come forward in the future. This
has triggered a policy change and announcements to CAs, if you've
followed Mozilla's security policy discussions, and these *will* result
in people being removed for such behavior in the future.

Hyperbole serves no real purpose here.

 Al

On 02/22/2012 04:12 PM, Jeffrey Walton wrote:
> It appears to be official.
>
> Trustwave issued MitM certificates, which is deceptive, unethical, and
> contrary to its agreement for inclusion.
>
> Mozilla just rewarded their violations of trust by continuing their
> inclusion. Apparently, agreements between Mozilla and CAs have no
> veracity as both are more than happy to violate the end user.
>
> Original Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=724929
> NSS and Firefox Update: https://bugzilla.mozilla.org/show_bug.cgi?id=728617
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


-- 
Al Billings
Mozilla Security
