Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla Is Considering Revoking TeliaSonera Trust For Sales To Dictators

Posted by Soulskill on from the trust-must-be-deserved dept.

ndogg writes "Mozilla is considering pulling TeliaSonera from its list of root certificate SSL providers. They have asked for comments on this on their mailing list. They're concerned about the use of the certificates by those governments for spying on its citizens, particularly in Azerbaijan, Kazakhstan, Georgia, Uzbekistan and Tajikistan — where TeliaSonera operates subsidiaries or is heavily invested. Mozilla's concern is that TeliaSonera has possibly issued certificates that allow hardline government servers to masquerade as legitimate websites — so-called man-in-the-middle attacks — and decrypt web traffic. This alleged activity would contradict Mozilla's policy against 'knowingly issuing certificates without the knowledge of the entities whose information is referenced in the certificates.'"

4 of 123 comments (clear)

  1. Re:Mozilla Corporation - Fighting for Freedom agai by agm · · Score: 5, Insightful

    The whole point of certificates and SSL is to protect communications between the browser and the web server. It's not "to protect communications from everyone except the government". It's to protect it from EVERYONE - including (and sometimes especially) the government.

  2. Re:Mozilla Corporation - Fighting for Freedom agai by Runaway1956 · · Score: 5, Insightful

    Strange. Almost everyone who has issues with the corruption found in American politics is labeled as a "communist".

    And, if my wealth, relative to that of the rest of the world, depends on a subservient Latin America - well, I don't need or want it.

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  3. Re:Mozilla Corporation - Fighting for Freedom agai by Anonymous Coward · · Score: 5, Insightful

    First, this is coming from a die hard libertarian.

    You do realize that the idea of taxes is to pay for things that everyone uses, but would be infeasible to be run by private entities. This so called extortion you speak of is basically making you pay for that which you use. i.e. not stealing it. Any sane individual has no problem with paying taxes for public services, the disagreement comes into what should be a public service and what should not.

    And you're statement on fraud confirms you do not know what fraud is. I may not know everything the government does with the money I give them, but I do know that it's not swindled from me, and I do know what a lot of it goes towards. Fraud would be being told you're paying for one thing, then either not getting it at all, or getting something very different, and worth much less.

    And everything is pro-freedom except when it's not. I expect to be free to do what I want, except when it violates the freedoms of other people. I don't expect to have the freedom to get in my car drunk off my ass and drive down the road. That endangers the freedom of other people to exist.

    Seriously, are you trolling or just stupid?

  4. Haha. Ok, what about Verisign/etc? by X.25 · · Score: 5, Insightful

    I mean, they've been issuing intermediate CA certs to various 'friendly' governments and agencies, to support MITM (for 'lawful interceptions' only, of course).

    Will Mozilla remove them too, since they seem to be breaching that same policy?