Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla Debates Whether To Trust Chinese CA

Posted by timothy on from the but-that-would-never-happen dept.

At his Freedom to Tinker blog, Ed Felten has a thoughtful, accessible piece on the debate at Mozilla about whether Firefox, by default, should trust a Chinese certificate authority (as it has since October). Felten explains in clear language why this is significant, and therefore controversial. An excerpt: "To see why this is worrisome, let's suppose, just for the sake of argument, that CNNIC were a puppet of the Chinese government. Then CNNIC's status as a trusted CA would give it the technical power to let the Chinese government spy on its citizens' 'secure' web connections. If a Chinese citizen tried to make a secure connection to Gmail, their connection could be directed to an impostor Gmail site run by the Chinese government, and CNNIC could give the impostor a cert saying that the government impostor was the real Gmail site."

1 of 276 comments (clear)

  1. Re:Well in that case by bunratty · · Score: 0, Offtopic

    And you are lynching Negroes. Uh, I mean, and we are lynching Negroes. I think.

    --
    What a fool believes, he sees, no wise man has the power to reason away.