Stories
Slash Boxes
Comments

SoylentNews is people

posted by on Wednesday April 08 2015, @04:22AM   Printer-friendly
from the about-as-far-as-I-can-throw-you dept.

El Reg has published a story which discusses the steps Google and Mozilla are taking, in response to the apparent misuse of a China Internet Network Information Center (CNNIC) intermediate Cetificate Authority (CA) administered by MCS Holdings, who claim it was all just a big mistake.

Firefox-maker Mozilla has joined Google in refusing to recognize SSL certificates issued by the China Internet Network Information Centre (CNNIC).

This should not be a surprise since:

This comes after a security biz in Egypt used a CNNIC-issued intermediate certificate to create unauthorized SSL certs that could be used to trick people into connecting to bogus, password-stealing Gmail.com or Google.com websites.

As a result:

[A]ll Mozilla products – including the Firefox web browser and the Thunderbird email client, among others – will be updated so that all CNNIC-based certificates issued on or after April 1, 2015 are considered untrusted.

Mozilla said it also plans to ask CNNIC for a comprehensive list of all of its current valid certificates. Any certificates issued before April 1 that are not included on this whitelist will also be subject to potential "further action."

Microsoft has also revoked the suspect CNNIC intermediate CA:

Microsoft is updating the Certificate Trust list (CTL) to remove the trust of the subordinate CA certificate. The trusted root Certificate Authority, the China Internet Network Information Center (CNNIC), has also revoked the certificate of the subordinate CA.

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by NotSanguine on Wednesday April 08 2015, @09:31PM

    by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Wednesday April 08 2015, @09:31PM (#167995) Homepage Journal

    According to Statcounter (the very source also Wikipedia cites), IE is now at 12.29%, while Firefox is at 11.68%. While the IE number is in fact larger, the difference is so small that I'm not even sure that it isn't inside the (not given) error bar.

    In that case, let's say that Firefox and IE are in a dead heat WRT to market share. Even better, let's assume that the difference is within the margin of error and Firefox has a larger market share than IE.

    How does that change my contention that that if it's worth reporting the actions of Mozilla in this case, it's worth reporting what Microsoft's actions are too?

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by maxwell demon on Thursday April 09 2015, @06:46AM

    by maxwell demon (1608) on Thursday April 09 2015, @06:46AM (#168206) Journal

    Where did I say that it does?

    --
    The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 2) by NotSanguine on Thursday April 09 2015, @07:40AM

      by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Thursday April 09 2015, @07:40AM (#168213) Homepage Journal

      Where did I say that it does?

      If that wasn't your intent, then what was your point?

      Was it that the error bars on the survey used to collect the data we both cited were unknown? Which, I suppose, could be useful information in certain contexts.

      I'm not sure what that has to do with including information about Microsoft's or Mozilla's response to the issues with CNNIC/MCS Holdings CA certificates. Please enlighten me.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
      • (Score: 2) by maxwell demon on Thursday April 09 2015, @05:40PM

        by maxwell demon (1608) on Thursday April 09 2015, @05:40PM (#168415) Journal

        My point was to clarify that IE has not a significantly higher market share than Firefox. Not every reply must be related to the main point of a post.

        --
        The Tao of math: The numbers you can count are not the real numbers.