Slashdot Mirror


Mozilla Debates Whether To Trust Chinese CA

At his Freedom to Tinker blog, Ed Felten has a thoughtful, accessible piece on the debate at Mozilla about whether Firefox, by default, should trust a Chinese certificate authority (as it has since October). Felten explains in clear language why this is significant, and therefore controversial. An excerpt: "To see why this is worrisome, let's suppose, just for the sake of argument, that CNNIC were a puppet of the Chinese government. Then CNNIC's status as a trusted CA would give it the technical power to let the Chinese government spy on its citizens' 'secure' web connections. If a Chinese citizen tried to make a secure connection to Gmail, their connection could be directed to an impostor Gmail site run by the Chinese government, and CNNIC could give the impostor a cert saying that the government impostor was the real Gmail site."

4 of 276 comments (clear)

  1. you cant stop governments by Anonymous Coward · · Score: -1, Troll

    Aint that exactly what happened with bush in America so why concern yourself with the affairs of governments.
    They are full of win we are full of lose

  2. Re:I wonder... by Anonymous Coward · · Score: -1, Troll

    you consider "how to use photoshop" computer science? no wonder you have so many retards in your courses.

  3. Re:Well in that case by Anonymous Coward · · Score: -1, Troll

    I guess this is true, although considering the amount of malware coming out of China, and China's human rights record as compared to north american countries, I think there is reason not to equivocate about this.

    Where's your proof? Or are you just parroting hate for the sake of parroting hate?

  4. Re:No trust. by Anonymous Coward · · Score: -1, Troll

    Not really. They would rather trust China then any Zionist Occupied Government / Jew World Order countries. (All NATO countries are in this list)