Slashdot Mirror
Mozilla Is Considering Revoking TeliaSonera Trust For Sales To Dictators
ndogg writes "Mozilla is considering pulling TeliaSonera from its list of root certificate SSL providers. They have asked for comments on this on their mailing list. They're concerned about the use of the certificates by those governments for spying on its citizens, particularly in Azerbaijan, Kazakhstan, Georgia, Uzbekistan and Tajikistan — where TeliaSonera operates subsidiaries or is heavily invested. Mozilla's concern is that TeliaSonera has possibly issued certificates that allow hardline government servers to masquerade as legitimate websites — so-called man-in-the-middle attacks — and decrypt web traffic. This alleged activity would contradict Mozilla's policy against 'knowingly issuing certificates without the knowledge of the entities whose information is referenced in the certificates.'"
Instead of trusting any of these companies (they'll sell to the US government as well, I'm sure), why not switch to Convergence? It reduces the need to trust companies like this.
Mozilla (and Google, and other browser makers) should include it by default in all their products (even if turned off) to make it easier for people to switch away from centralised systems. Viva le revolucion.
Mozilla still includes all kinds of questionable cert authorities. Once I learned that, I had to go through my default Firefox installs and remove all the ones by Chinese government arms and similar.
Why single out these countries? I will never need a cert signed by a foreign government - ANY foreign government. There are probably only about 5% of authorities I actually might trust included in Firefox. The rest are illegitimate for 99% of users.
Hell did any government official go to jail for the Gulf Of Tonkin false flag which cost 58,000 Americans their lives? How about for Fast & Furious which handed drug cartels weapons by the truckload and killed at least one border agent and countless civilians?
Frankly the US government is just as nasty and corrupt as the rest, read general Butler's "War is a racket" speech sometime. That speech is nearly a century old and could have been taken from the current papers, wars all over the place for the benefit of a few rich people and corps, if the US gov told me it was raining outside? I'd want a second opinion.
ACs don't waste your time replying, your posts are never seen by me.
The whole point of certificates and SSL is to protect communications between the browser and the web server. It's not "to protect communications from everyone except the government". It's to protect it from EVERYONE - including (and sometimes especially) the government.
"As nasty and corrupt as..." ... China under Mao? Venezuela under Chavez? Cuba under Castro? The USSR under Lenin and Stalin? Cambodia under Pol Pot? The NPRK under the various Kims? Zimbabwe under Mugabe? Zaire/the Congo under Mobutu?
Care to revise your bullshit story?
For all of America's, the American government's, and its leaders' flaws - and of course they are many (and one wonders how your life would stand up upon the withering criticism and examination that the life of a President, for example, gets) - I believe very few of our leaders have ever had a genuine desire to harm people nor have they harbored a profound megalomania. Ego - of course; megalomania - no. Sure, go ahead and despise a President because of their ideological orientation that you disagree with but the notion of the Chomskyites, this strange Kool-Aid they like to guzzle, being fed doses of pablum about "American Imperialism" and the "Military-Industrial Complex" and railing endlessly about the "Evils of Capitalism" yet enjoying its countless benefits (you know, like jobs, homes, clothes, electronics, computers, global air travel, and this weird little thing called the Internet), never proffering a meaningful let alone viable alternative, I am convinced is one of the luxuries provided by the American model of capitalism and Constitutional governance. Trust me if you were to write what you wrote about Mugabe your flesh-burned and -torn body (they wouldn't spend a bullet on you, lest they lose out on a good opportunity to torture you first) would soon be found on the roadside somewhere.
And, if you despise America, think it hopelessly corrupt and nasty "as the rest" then why not leave it for greener pastures? Maybe some other country has it figured out better than we do? According to Michael Moore, Cuba has the best medical care in the world. Just ask Hugo Chavez.
Strange. Almost everyone who has issues with the corruption found in American politics is labeled as a "communist".
And, if my wealth, relative to that of the rest of the world, depends on a subservient Latin America - well, I don't need or want it.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
First, this is coming from a die hard libertarian.
You do realize that the idea of taxes is to pay for things that everyone uses, but would be infeasible to be run by private entities. This so called extortion you speak of is basically making you pay for that which you use. i.e. not stealing it. Any sane individual has no problem with paying taxes for public services, the disagreement comes into what should be a public service and what should not.
And you're statement on fraud confirms you do not know what fraud is. I may not know everything the government does with the money I give them, but I do know that it's not swindled from me, and I do know what a lot of it goes towards. Fraud would be being told you're paying for one thing, then either not getting it at all, or getting something very different, and worth much less.
And everything is pro-freedom except when it's not. I expect to be free to do what I want, except when it violates the freedoms of other people. I don't expect to have the freedom to get in my car drunk off my ass and drive down the road. That endangers the freedom of other people to exist.
Seriously, are you trolling or just stupid?
How about giving us a specific link to a faked cetificate from a specific "US" CA?
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
I mean, they've been issuing intermediate CA certs to various 'friendly' governments and agencies, to support MITM (for 'lawful interceptions' only, of course).
Will Mozilla remove them too, since they seem to be breaching that same policy?
US, Canadian and European governments also spy on their citizens. So Mozilla now needs to determine whose spying is good and whose spying is bad. I'm not sure that's a business that Mozilla should be in.
Perhaps a better solution would be to make it easier and more user friendly for people to detect questionable certificates and choose which certificates you trust. But, of course, that would upset Western governments...
Your original comment said "Frankly the US government is just as nasty and corrupt as the rest[...]", against which examples of other, worse regimes is a quite effective argument.