Slashdot Mirror
Mozilla Accepts Chinese CNNIC Root CA Certificate
Josh Triplett writes "Last October, Mozilla accepted the China Internet Network Information Center as a trusted CA root (Bugzilla entry). This affects Firefox, Thunderbird, and other products built on Mozilla technologies. The standard period for discussion passed without comment, and Mozilla accepted CNNIC based on the results of a formal audit. Commenters in the bug report and the associated discussion have presented evidence that the Chinese government controls CNNIC, and surfaced claims of malware production and distribution and previous man-in-the-middle attacks in China via their secondary CA root from Entrust. As usual, please refrain from blindly chiming into the discussion without supporting evidence. Since Mozilla has already accepted CNNIC as a trusted root CA, the burden rests with those who argue for its removal."
Wow, youre so new here, youre still dripping wet and covered in placenta.
Edit -> Preferences -> Advanced -> Encryption -> View Certificates -> Authorities -> ... -> Profit
Just wait while I go infiltrate the Chinese government to determine if they are doing bad things through CNNIC, so I can come back with evidence. While I'm at it, I'll be travelling through West Africa and I have the sum of $1,000,000,000 USD of money stashed there and I need your help to get it out of the country. I will give you 10% guaranteed.....
"Is there an add-on that does this automatically?"
There supposedly is, except its certification is provided by CNNIC...
What's a MiTH attack? Man in ..?
What's a MiTH attack? Man in ..?
Man in The Hat
Why is CNNIC untrustworthy ? In plain English please.
I'm sorry sir, the certificate is in Chinese.
These posts express my own personal views, not those of my employer
Wow, youre so new here, youre still dripping wet and covered in placenta.
And a Chinese, heavy metal laden one, at that.
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"