An Untrustworthy TLS Certificate in Browsers
10 views
Skip to first unread message
Paul Kosinski
Nov 17, 2022, 9:54:31 PM11/17/22
to enter...@mozilla.org
From https://www.schneier.com/blog/archives/2022/11/an-untrustworthy-tls-certificate-in-browsers.html
An Untrustworthy TLS Certificate in Browsers
The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy:
Google’s Chrome, Apple’s Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as what’s known as a root certificate authority, a powerful spot in the internet’s infrastructure that guarantees websites are not fake, guiding users to them seamlessly.
The company’s Panamanian registration records show that it has the identical slate of officers, agents and partners as a spyware maker identified this year as an affiliate of Arizona-based Packet Forensics, which public contracting records and company documents show has sold communication interception services to U.S. government agencies for more than a decade.
...
[More at the site]
An Untrustworthy TLS Certificate in Browsers
The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy:
Google’s Chrome, Apple’s Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as what’s known as a root certificate authority, a powerful spot in the internet’s infrastructure that guarantees websites are not fake, guiding users to them seamlessly.
The company’s Panamanian registration records show that it has the identical slate of officers, agents and partners as a spyware maker identified this year as an affiliate of Arizona-based Packet Forensics, which public contracting records and company documents show has sold communication interception services to U.S. government agencies for more than a decade.
...
[More at the site]
Mike Kaply
Nov 18, 2022, 9:43:18 AM11/18/22
to Paul Kosinski, enter...@mozilla.org
You can see discussion of this including our responses here:
and here:
Mike
--
You received this message because you are subscribed to the Google Groups "enter...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to enterprise+...@mozilla.org.
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/enterprise/20221117215425.1b7ad5a6%40ime1.iment.local.
Reply all
Reply to author
Forward
0 new messages