Mozilla Accepts Chinese CNNIC Root CA Certificate

Josh Triplett writes "Last October, Mozilla accepted the China Internet Network Information Center as a trusted CA root (Bugzilla entry). This affects Firefox, Thunderbird, and other products built on Mozilla technologies. The standard period for discussion passed without comment, and Mozilla accepted CNNIC based on the results of a formal audit. Commenters in the bug report and the associated discussion have presented evidence that the Chinese government controls CNNIC, and surfaced claims of malware production and distribution and previous man-in-the-middle attacks in China via their secondary CA root from Entrust. As usual, please refrain from blindly chiming into the discussion without supporting evidence. Since Mozilla has already accepted CNNIC as a trusted root CA, the burden rests with those who argue for its removal."

Re:delete cert? finger in dike

[Onymous+Coward]

The world is not a better place after your comment, neither more enlightened nor amused.

Please note, everyone, it does not help the world or you to post simply because you have feelings you need to vent. Please make your communication constructive. And vent your feelings to your teddy bear.

Re: As usual, please refrain from blindly chiming

[jandersen]

The question is, should it be removed for the safety of others?

This is nothing more than simple bigotry. You want them removed, not because they are more likely to abuse their position, but because they are Chinese or "Communists" or whatever. Why should I trust CNNIC less than, eg Microsoft Internet Authority, Deutsche Telekom or Sociedad Cameral de Certificacion Digital, just to mention three at random?

The whole point of root certs is trust

No, the point is convenience. It is ultimately your own responsibility who you choose to trust, which is why you can edit the list of authorities your browser trusts.