| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CADyVuMvfUthLHm_RehDrtLSZAW8k8QKkM6FtF3KAL_HPttdw5g@mail.gmail.com> Date: Thu, 23 Feb 2012 07:11:53 -0500 From: David C Frier <david.frier+isc2@...il.com> To: FunSec List <funsec@...uxbox.org> Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: [funsec] Trustwave and Mozilla (Resolved) On Wed, Feb 22, 2012 at 19:12, Jeffrey Walton <noloader@...il.com> wrote: > It appears to be official. > > Trustwave issued MitM certificates, which is deceptive, unethical, and > contrary to its agreement for inclusion. > > Mozilla just rewarded their violations of trust by continuing their > inclusion. Apparently, agreements between Mozilla and CAs have no > veracity as both are more than happy to violate the end user. This is not the simplistic issue with clear moral blacks and whites that you seem to think it is. Companies need MitM certs to fully implement DLP and protect proprietary data - HR info, trade secrets, unpublished financials. Without them, SSL-protected external sites are potentially back-channels for the leakage of anything someone decides to leak. Workers don't understand what the lines are between work-related and personal network usage. Companies would be suicidal to just give up on this. So, what would you propose as an alternative? -- --David Frier _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists