Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla Debates Whether To Trust Chinese CA

Posted by timothy on from the but-that-would-never-happen dept.

At his Freedom to Tinker blog, Ed Felten has a thoughtful, accessible piece on the debate at Mozilla about whether Firefox, by default, should trust a Chinese certificate authority (as it has since October). Felten explains in clear language why this is significant, and therefore controversial. An excerpt: "To see why this is worrisome, let's suppose, just for the sake of argument, that CNNIC were a puppet of the Chinese government. Then CNNIC's status as a trusted CA would give it the technical power to let the Chinese government spy on its citizens' 'secure' web connections. If a Chinese citizen tried to make a secure connection to Gmail, their connection could be directed to an impostor Gmail site run by the Chinese government, and CNNIC could give the impostor a cert saying that the government impostor was the real Gmail site."

2 of 276 comments (clear)

  1. Re:China by darthaya · · Score: 0, Flamebait

    The most popular browser in China is IE6. You know why? Because it runs on pirated XP best.

  2. Re:Well in that case by quenda · · Score: 0, Flamebait

    on mentally retarded children, sterilized them

    oh don't be such a pussy. What is the alternative for someone with a mental age of 5, and a teenage body full of hormones? You think it is better to keep them locked up? Let them breed? Teach them "christian values"?

    feeding Illinois state prisoners a diet that is known to cause organ failure

    The average western school canteen does that.