Forgot your password?
typodupeerror
Mozilla Privacy The Internet Your Rights Online

Mozilla Debates Whether To Trust Chinese CA 276

Posted by timothy
from the but-that-would-never-happen dept.
At his Freedom to Tinker blog, Ed Felten has a thoughtful, accessible piece on the debate at Mozilla about whether Firefox, by default, should trust a Chinese certificate authority (as it has since October). Felten explains in clear language why this is significant, and therefore controversial. An excerpt: "To see why this is worrisome, let's suppose, just for the sake of argument, that CNNIC were a puppet of the Chinese government. Then CNNIC's status as a trusted CA would give it the technical power to let the Chinese government spy on its citizens' 'secure' web connections. If a Chinese citizen tried to make a secure connection to Gmail, their connection could be directed to an impostor Gmail site run by the Chinese government, and CNNIC could give the impostor a cert saying that the government impostor was the real Gmail site."
This discussion has been archived. No new comments can be posted.

Mozilla Debates Whether To Trust Chinese CA

Comments Filter:

fortune: not found

Working...