
Comment How could this work? (Score 1) 276

I don't see how this would work. It makes the argument that if a CA were under the authority of a government (e.g. China) then it could redirect you to a fake Gmail site but you would think it was actually Gmail. Wouldn't this also require the DNS to be controlled by a government? And even if they did redirect you to a fake site... you'd know it was a fake site because your email wouldn't be there, because you weren't accessing Gmail but a different server. The most they could get you to do (possibly) is divulge your password, right?
Mozilla

Mozilla Debates Whether To Trust Chinese CA 276

At his Freedom to Tinker blog, Ed Felten has a thoughtful, accessible piece on the debate at Mozilla about whether Firefox, by default, should trust a Chinese certificate authority (as it has since October). Felten explains in clear language why this is significant, and therefore controversial. An excerpt: "To see why this is worrisome, let's suppose, just for the sake of argument, that CNNIC were a puppet of the Chinese government. Then CNNIC's status as a trusted CA would give it the technical power to let the Chinese government spy on its citizens' 'secure' web connections. If a Chinese citizen tried to make a secure connection to Gmail, their connection could be directed to an impostor Gmail site run by the Chinese government, and CNNIC could give the impostor a cert saying that the government impostor was the real Gmail site."
