Comments:
Firefox Team,
Can you please explain to me why the Wells Fargo certificate is a part
of the trusted root CAs in your browser? This seems like a major
security flaw to me.
Thank You,
Chris Dean

Chris,
Firefox embedded our certificate at our request. We request this for our
root certificate for all browsers, as do all the other Certificate
Authorities (Verisign, GTE, etc.). The certificates have been vetted by the
browser manufacturer. If you believe that it should not be trusted, please
contact Firefox.
Thank you,
David E. Anderson
Information Security Analyst - RAO
Enterprise Key Management & Public Key Infrastructure Team
Cryptographic Services|IST|TGS|TOG|Wells Fargo
2600 S. Price Rd. Chandler, AZ 85286 MAC S3929-022
Phone: 480-724-4731
-----Original Message-----
From: w...@wellsfargo.com [mailto:w...@wellsfargo.com]
Sent: Friday, January 15, 2010 10:58 AM
To: PK-SECURE
Subject: CPS Question
First Name : chris
Last Name : dean
Email Address : ch...@wcdean.com
Question : Why do you embed your certificate into the default install of
Firefox? This seems like a security flaw to me.
Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)
From URL: http://hendrix.mozilla.org/
Note to readers: Hendrix gives no expectation of a response to this feedback
but if you wish to provide one you must BCC (not CC) the sender for them to
see it.