Mozilla Is Considering Revoking TeliaSonera Trust For Sales To Dictators

Soulskill posted 1 year,7 days | from the trust-must-be-deserved dept.

Mozilla 123

ndogg writes "Mozilla is considering pulling TeliaSonera from its list of root certificate SSL providers. They have asked for comments on this on their mailing list. They're concerned about the use of the certificates by those governments for spying on their citizens, particularly in Azerbaijan, Kazakhstan, Georgia, Uzbekistan and Tajikistan — where TeliaSonera operates subsidiaries or is heavily invested. Mozilla's concern is that TeliaSonera has possibly issued certificates that allow hardline government servers to masquerade as legitimate websites — so-called man-in-the-middle attacks — and decrypt web traffic. This alleged activity would contradict Mozilla's policy against 'knowingly issuing certificates without the knowledge of the entities whose information is referenced in the certificates.'"

123 comments

Sounds like a legitimate use to me! (0)

Anonymous Coward | 1 year,7 days | (#43466843)

Sounds like a legitimate use to me!

Mozilla Corporation - Fighting for Freedom against (0)

Anonymous Coward | 1 year,7 days | (#43466863)

Better revoke all those root certificates in control of US-based companies.

Re:Mozilla Corporation - Fighting for Freedom agai (1)

interval1066 (668936) | 1 year,7 days | (#43466959)

Yeah, I was just going to say... better pull the certs of servers in the US then...

Re:Mozilla Corporation - Fighting for Freedom agai (4, Insightful)

rtfa-troll (1340807) | 1 year,7 days | (#43469445)

How about giving us a specific link to a faked certificate from a specific "US" CA?

Re:Mozilla Corporation - Fighting for Freedom agai (0)

Anonymous Coward | 1 year,6 days | (#43470905)

How about giving us a specific link to a faked certificate from a specific "Azerbaijan", "Kazakhstan", "Georgia", "Uzbekistan" or "Tajikistan" CA?

Re:Mozilla Corporation - Fighting for Freedom agai (-1)

Anonymous Coward | 1 year,7 days | (#43466989)

Mozilla needs to mind its own fucking business. Every government in the world is corrupt from a point of view. This is just as disgusting as the US government invading and forcing the "American way" on other countries. Each country is a culture, many of which have existed for a very long time. To the people who live there, it is simply how life is. There is no good or bad.

Re:Mozilla Corporation - Fighting for Freedom agai (4, Insightful)

hairyfeet (841228) | 1 year,7 days | (#43467093)

Hell did any government official go to jail for the Gulf Of Tonkin false flag which cost 58,000 Americans their lives? How about for Fast & Furious which handed drug cartels weapons by the truckload and killed at least one border agent and countless civilians?

Frankly the US government is just as nasty and corrupt as the rest, read general Butler's "War is a racket" speech sometime. That speech is nearly a century old and could have been taken from the current papers, wars all over the place for the benefit of a few rich people and corps, if the US gov told me it was raining outside? I'd want a second opinion.

Re:Mozilla Corporation - Fighting for Freedom agai (0, Troll)

Anonymous Coward | 1 year,7 days | (#43467225)

Frankly the US government is just as nasty and corrupt as the rest, read general Butler's "War is a racket" speech sometime. That speech is nearly a century old and could have been taken from the current papers, wars all over the place for the benefit of a few rich people and corps.

Smedley Butler was, if not an outright Communist, at least a fellow traveller. His views on America's wars of the era are therefore tainted by the particular ideology that gripped him at that time, and he was not a dispassionate commentator.

With the benefit of hindsight, Americans today can look back and see that US military intervention in Central America was not just stimulated by the desire to benefit a few corporations, but a wise political decision to expand America's power and reduce the threat from other countries. (Sure, some corporations were helped, but so what; if there were material rewards to reap from our foreign interventions, then certainly they should go to our boys.) And America's increasing muscle didn't benefit just "a few rich people", but everyone: American prosperity during the 20th century, things like the rise of the middle class, depended on keeping Latin America poor and subservient.

Re:Mozilla Corporation - Fighting for Freedom agai (5, Insightful)

Runaway1956 (1322357) | 1 year,7 days | (#43468797)

Strange. Almost everyone who has issues with the corruption found in American politics is labeled as a "communist".

And, if my wealth, relative to that of the rest of the world, depends on a subservient Latin America - well, I don't need or want it.

Re:Mozilla Corporation - Fighting for Freedom agai (0)

Anonymous Coward | 1 year,7 days | (#43469003)

I'd be willing that's a bit of talk, that you aren't willing to walk if things actually came to it.

There's nothing stopping you from doing it, so go ahead and move down there.

Re:Mozilla Corporation - Fighting for Freedom agai (0)

Anonymous Coward | 1 year,6 days | (#43471019)

Your wealth, relative to that of the rest of the world, depends on a subservient China. Do you prefer it that way?

Re:Mozilla Corporation - Fighting for Freedom agai (1, Insightful)

X.25 (255792) | 1 year,7 days | (#43469683)

Smedley Butler was, if not an outright Communist, at least a fellow traveller. His views on America's wars of the era are therefore tainted by the particular ideology that gripped him at that time, and he was not a dispassionate commentator.

Hahaha. Are you actually using this as an argument?

Wow.

Re:Mozilla Corporation - Fighting for Freedom agai (2, Insightful)

Anonymous Coward | 1 year,7 days | (#43468023)

"As nasty and corrupt as..." ... China under Mao? Venezuela under Chavez? Cuba under Castro? The USSR under Lenin and Stalin? Cambodia under Pol Pot? The NPRK under the various Kims? Zimbabwe under Mugabe? Zaire/the Congo under Mobutu?

Care to revise your bullshit story?

For all of America's, the American government's, and its leaders' flaws - and of course they are many (and one wonders how your life would stand up upon the withering criticism and examination that the life of a President, for example, gets) - I believe very few of our leaders have ever had a genuine desire to harm people nor have they harbored a profound megalomania. Ego - of course; megalomania - no. Sure, go ahead and despise a President because of their ideological orientation that you disagree with but the notion of the Chomskyites, this strange Kool-Aid they like to guzzle, being fed doses of pablum about "American Imperialism" and the "Military-Industrial Complex" and railing endlessly about the "Evils of Capitalism" yet enjoying its countless benefits (you know, like jobs, homes, clothes, electronics, computers, global air travel, and this weird little thing called the Internet), never proffering a meaningful let alone viable alternative, I am convinced is one of the luxuries provided by the American model of capitalism and Constitutional governance. Trust me if you were to write what you wrote about Mugabe your flesh-burned and -torn body (they wouldn't spend a bullet on you, lest they lose out on a good opportunity to torture you first) would soon be found on the roadside somewhere.

And, if you despise America, think it hopelessly corrupt and nasty "as the rest" then why not leave it for greener pastures? Maybe some other country has it figured out better than we do? According to Michael Moore, Cuba has the best medical care in the world. Just ask Hugo Chavez.

Re:Mozilla Corporation - Fighting for Freedom agai (1, Insightful)

hairyfeet (841228) | 1 year,7 days | (#43469157)

So because Stalin was a dick, the feds are...what? Given a free pass because "Hey they ain't beating me with a tire iron herpa de derpa". That is about the DUMBEST fucking argument I have EVER read, and since we are talking about the net that is a pretty mean feat...congrats. Oh I noticed you didn't have the balls to have a UID, kinda sad when you don't even have the balls to stand behind your bullshit, maybe because even you could see the problems with it?

BTW that was the SAME ARGUMENT used by McCarthy during his red scare which ruined lives and helped lead to the 58,000 that died for nothing in Vietnam...again GREAT company you are keeping there sparky.

Re: Mozilla Corporation - Fighting for Freedom aga (1)

MysteriousPreacher (702266) | 1 year,7 days | (#43469765)

Oh I noticed you didn't have the balls to have a UID, kinda sad when you don't even have the balls to stand behind your bullshit

As opposed to Mr. Hairyfeet of 4 Riverside Drive, Boston who risks his political career whenever he posts?

Yeah it's more credible when there's a tag associated, but it's not taking balls to log in and create an account. I could post any amount of heinous shit myself and walk away with my life working just perfectly.

Re: Mozilla Corporation - Fighting for Freedom aga (0)

Anonymous Coward | 1 year,7 days | (#43469955)

How do you know where he lives?

Re:Mozilla Corporation - Fighting for Freedom agai (4, Insightful)

sFurbo (1361249) | 1 year,7 days | (#43470495)

Your original comment said "Frankly the US government is just as nasty and corrupt as the rest[...]", against which examples of other, worse regimes is a quite effective argument.

lol (0)

Anonymous Coward | 1 year,7 days | (#43470695)

ya like how many 4 worse out of 200 or so...ya that's being something to be proud of. China which you do so much trade from you might as well say is part of america...being what just slightly worse than you

Re:Mozilla Corporation - Fighting for Freedom agai (0)

hairyfeet (841228) | 1 year,6 days | (#43471391)

And again your argument boils down to "It's okay that they raped me because if it would have been the other bunch they would have fisted me as well"...and you HONESTLY can't see the fault with that logic? This isn't a popularity contest, how many around the world have DIED by direct involvement of the US government since 1960?

And as for the other guy...who in the fuck would think I'm from Boston? That ain't even in the same timezone first off, and second if you are too God damned lazy to even spend the 3 whole minutes registering why in the hell should we give a shit what you think? With all the trolls and shills hiding behind AC so nobody can see their past posts frankly the opinions of most ACs are worth a bucket of piss as far as I'm concerned, get off your lazy ass and spend less time than it took to spew the bullshit and post as a user as sFurbo at least had the balls to do. I may not agree with a word he says, just as me and Crosshair have had some pretty heated arguments over issues I can AT LEAST respect the fact that unlike the AC spewing bullshit he has the balls to stand by his comment history for all to see.

Re:Mozilla Corporation - Fighting for Freedom agai (2)

sFurbo (1361249) | 1 year,6 days | (#43471539)

I am not saying anything about what is OK, and I think much of what the US government is doing and have done is very far from OK.

But that was not what we were discussing. You said that the US government was "as nasty and corrupt as the rest", the AC pointed out some examples that he felt were worse while acknowledging that the US did have its own problem, and you interpreted that as giving the US a free pass. I pointed out that that was not what the AC said, and you have now accused ME of saying everything the US does is OK. Let's see if you can get a hat trick, and misinterpret this post as well!

Re:Mozilla Corporation - Fighting for Freedom agai (1, Offtopic)

_merlin (160982) | 1 year,7 days | (#43470757)

The 58,000 of you are nothing compared to the 400,000 civilians killed in a war that you had to use a false flag operation to start. What about them? What about the ongoing effects of what you left behind? My wife's cousin not only can't speak but has no concept of language because of the dioxins in the food chain. It really makes my blood boil when I see shit in the media that ignores the cost to Vietnam while making a big deal over the loss of American or Australian lives, or the effects of agent orange on foreign veterans. There's nothing to feel sorry for, that's the price you paid for a war you had no business starting.

If I can pull a Godwin, the winners of WW2 get to write history, build memorials to their lost, and demonise the other side. Accused perpetrators were tried and executed. There's no mourning for the Nazi soldiers who followed their government's orders to fight. There doesn't even seem to be much sympathy for the civilians who perished in the fire bombings. Why doesn't VN get the same luxury? They won the fucking war and got their own country back, but they're still painted as the bad guys. There's no sympathy for the civilians, the perpetrators of the war were never held to account, there's no compensation for the lingering effects. And I get a nice reminder of this every time I catch up with the extended family.

Re:Mozilla Corporation - Fighting for Freedom agai (2)

fustakrakich (1673220) | 1 year,7 days | (#43469503)

According to Michael Moore, Cuba has the best medical care in the world. Just ask Hugo Chavez.

No. The US has the best medical care in the world. Just ask Michael Jackson.

Re:Mozilla Corporation - Fighting for Freedom agai (0)

Anonymous Coward | 1 year,7 days | (#43470399)

The US does have some of the best medical care in the world. It is just that it is not very good with respect to the price. The high price of US medical care stems from two primary factors.

1. Liability of doctors.
2. Lack of mandatory health insurance.

Due to issue 1 in combination with the in general ridiculously high lawsuit awards in the US, doctors have to take out very expensive insurances, having to pay sometimes more than a million USD per year for their lawsuit protection; this cost spills over on the health insurance costs as the doctors need to get the funding to take out their lawsuit insurances. Issue 2 contributes substantially to the costs of the medical insurances; after all a person signing up for an insurance is more likely to already have an illness. The only way to get a reasonably priced medical insurance in the US is to be signed up to a group insurance, which is arranged by the company you are working for, however, even these are overpriced due to issue 1.

Re:Mozilla Corporation - Fighting for Freedom agai (1)

X.25 (255792) | 1 year,7 days | (#43469693)

"As nasty and corrupt as..." ... China under Mao? Venezuela under Chavez? Cuba under Castro? The USSR under Lenin and Stalin? Cambodia under Pol Pot? The NPRK under the various Kims? Zimbabwe under Mugabe? Zaire/the Congo under Mobutu?

Care to revise your bullshit story?

For all of America's, the American government's, and its leaders' flaws - and of course they are many (and one wonders how your life would stand up upon the withering criticism and examination that the life of a President, for example, gets) - I believe very few of our leaders have ever had a genuine desire to harm people nor have they harbored a profound megalomania. Ego - of course; megalomania - no. Sure, go ahead and despise a President because of their ideological orientation that you disagree with but the notion of the Chomskyites, this strange Kool-Aid they like to guzzle, being fed doses of pablum about "American Imperialism" and the "Military-Industrial Complex" and railing endlessly about the "Evils of Capitalism" yet enjoying its countless benefits (you know, like jobs, homes, clothes, electronics, computers, global air travel, and this weird little thing called the Internet), never proffering a meaningful let alone viable alternative, I am convinced is one of the luxuries provided by the American model of capitalism and Constitutional governance. Trust me if you were to write what you wrote about Mugabe your flesh-burned and -torn body (they wouldn't spend a bullet on you, lest they lose out on a good opportunity to torture you first) would soon be found on the roadside somewhere.

And, if you despise America, think it hopelessly corrupt and nasty "as the rest" then why not leave it for greener pastures? Maybe some other country has it figured out better than we do? According to Michael Moore, Cuba has the best medical care in the world. Just ask Hugo Chavez.

You are probably under 30, since it would appear you don't understand what USA was 30+ years ago and why people see USA as horribly horribly corrupt country.

But of course, your short life experience and Wikipedia make you competent to bleat about anything you wish.

Re:Mozilla Corporation - Fighting for Freedom agai (1)

VortexCortex (1117377) | 1 year,7 days | (#43470077)

I believe very few of our leaders have ever had a genuine desire to harm people nor have they harbored a profound megalomania. Ego - of course; megalomania - no.

What is, Manifest Destiny's Child.

I'll take ironic idiots for $1000, Alex.

Re:Mozilla Corporation - Fighting for Freedom agai (0)

Anonymous Coward | 1 year,7 days | (#43470209)

China under Mao? Venezuela under Chavez? Cuba under Castro? The USSR under Lenin and Stalin? Cambodia under Pol Pot? ...

When elected politicians inflict a few million deaths, it's acceptable because it's less than the 40 million deaths suffered by a country which can't choose their leader. Then you won't mind being first in the ground assault during the next war?

... I believe very few of our leaders ...

Let's view this statement in the history of Vietnam: President Kennedy, agreed. President Johnson, agreed. President Nixon, talked about 'resolving' the war, then ordered more soldiers and bombs into Vietnam.

When one starts talking economics, uneducated political leaders run into 'deep water' very quickly, but they have to make the big decisions; it's a recipe for disaster.

... if you despise America ....

If you love America, similarly, you will get a gun and fight today's enemy of the USA.

Re:Mozilla Corporation - Fighting for Freedom agai (0)

Anonymous Coward | 1 year,7 days | (#43470411)

I am intrigued - you appear to be taking stabs at well-known communist leaders, grouping them all together, ignoring non-communist dictators. Then you suddenly add Mobutu to the end?

Did you not realise he had active backing from your government (until he was no longer deemed useful)?

Was it an attempt to appear unbiased?

Re:Mozilla Corporation - Fighting for Freedom agai (0)

Anonymous Coward | 1 year,7 days | (#43470493)

what a fucking dumb comment
your logic is shit house

Re:Mozilla Corporation - Fighting for Freedom agai (1, Insightful)

higuita (129722) | 1 year,7 days | (#43470809)

Ok troll, I will bite it!

What, Homeland Security, FBI, NSA are angels?

The countless US invasions, the protection of dictators like Noriega, Pinochet and even Saddam just because (at their opinion it's the less of two evils), the support of Islamic groups like the Taliban, etc, etc. Even today, with the CIA torture jails, Halliburton corruption, Wall Street and banks frauds show that you have nastiness and corruption all over the top US government and companies.

Probably the US is directly and indirectly responsible for more killings and problems than most of those countries.

People all over the world have the same "Capitalism benefits" as you, even if they are communists, fascists, tribal, etc!! Things like jobs (duh!), homes (double duh!), clothes (triple duh!), electronics (all made in China today... that is communist!!), computers (even URSS had their own computers!), air travel (duh!) and yes, even internet (call it arpanet, fidonet [wikipedia.org], AMPRNet [wikipedia.org] or minitel [wikipedia.org], whatever... arpanet won, but there were alternatives out there)

And yes, Cuba has the BEST medical care in the world... and that with limited high-tech medical machinery. In Cuba everyone has full and free medical support, people around the world travel to Cuba to use their medical care for hard to solve problems (not free for non-residents of course). That doesn't mean that they can cure everything, that means they give you the best treatment for your problem and long term support for it. No bullshit like, "Take this treatment, the other one is a lot better, but is too expensive"... Everyone gets the best treatment, not just the rich people.

Huge amounts of money will also not give you better medical treatment, just ask Ted Kennedy [wikipedia.org].

Who is full of bullshit now?

Stop looking at your own belly and thinking that you are the center of the world. The US has good things, but it also has many bad things, just like every place in the world!

Re:Mozilla Corporation - Fighting for Freedom agai (5, Insightful)

agm (467017) | 1 year,7 days | (#43467163)

The whole point of certificates and SSL is to protect communications between the browser and the web server. It's not "to protect communications from everyone except the government". It's to protect it from EVERYONE - including (and sometimes especially) the government.

Re:Mozilla Corporation - Fighting for Freedom agai (0)

radiumsoup (741987) | 1 year,7 days | (#43467181)

There most certainly is a "good or bad" - your own assertion that every government in the world is corrupt supports that, in fact. I have no idea why you went on the anti-US rant there, but whatever.

The issue to discuss is the difficult position that Mozilla finds itself in now: an intentional and self-imposed obligation to act when cert authorities are compromised coupled with the unintended consequence of now having to decide if a Sovereign nation, acting legally within its own jurisdiction, constitutes a "compromised" cert auth. But it's their own damn fault for putting themselves in the situation where they presume to act on behalf of their userbase despite the userbase not all having identical use cases for their software.

I think their best course of action is for Mozilla to implement some sort of "greylist" that they can turn on something like a red SSL banner (instead of green) indicating a potentially compromised cert or key authority. That banner could then be turned on and off by the user if they desire, without the effect of cutting off legitimately issued SSL certs in the process. Nobody is cut off, but Mozilla feels better about warning end users of the "problem" that they feel obligated to act on. No harm except for the butthurt that some finite number of users might feel about "imperialists forcing morality" or whatever other rot they can conjure up.

Re:Mozilla Corporation - Fighting for Freedom agai (0)

Impy the Impiuos Imp (442658) | 1 year,7 days | (#43467953)

I like the US forcing its American Way on others, insofar as it means freedom.

I don't care about your religion.

I don't care about your culture.

I don't care about your politics.

Your desire to lord over me is not on an equal footing with my desire to be free.

It is about freedom -- of association, of speech, of property. Everything else, and I mean everything, is just sophistry by angry men trying to gather a group of followers, be it by vote or a local group of thugs.

Re:Mozilla Corporation - Fighting for Freedom agai (1, Redundant)

agm (467017) | 1 year,7 days | (#43468053)

I like the US forcing its American Way on others, insofar as it means freedom.

Unless you are gay and want to marry.

Want your children to learn real science in school and not pseudo-babble based on superstition.

Want to earn a living without the state confiscating some of it from you.

None of that indicates the US is pro-freedom.

Re:Mozilla Corporation - Fighting for Freedom agai (1)

ShanghaiBill (739463) | 1 year,7 days | (#43468167)

Unless you are gay and want to marry.

There are many places in America where gays can marry, and more states are considering it. We are moving in the right direction.

Want your children to learn real science in school and not pseudo-babble based on superstition.

Creationists and IDers have repeatedly been smacked down by the courts.

Want to earn a living without the state confiscating some of it from you.

American taxes are among the developed world's lowest.

None of that indicates the US is pro-freedom.

Would you care to name someplace better?

Re:Mozilla Corporation - Fighting for Freedom agai (1)

agm (467017) | 1 year,7 days | (#43468431)

Unless you are gay and want to marry.

There are many places in America where gays can marry, and more states are considering it. We are moving in the right direction.

It's hardly a country that loves freedom if it regulates people's personal lives like this.

Want to earn a living without the state confiscating some of it from you.

American taxes are among the developed world's lowest.

And yet those taxes are still there. How can the US be pro freedom if it actively harms people by confiscating property off them using a threat of force?

None of that indicates the US is pro-freedom.

Would you care to name someplace better?

I can't - but that doesn't mean (in any way at all) that the US is the bastian of freedom. It's not. Your government removes and dilutes your freedoms far too much.

Re:Mozilla Corporation - Fighting for Freedom agai (2)

tepples (727027) | 1 year,7 days | (#43468541)

It's hardly a country that loves freedom if it regulates people's personal lives like this.

It's a federal country. You have the freedom to leave a state that doesn't respect your freedom for one that does.

How can the US be pro freedom if it actively harms people by confiscating property off them using a threat of force?

Without taxation, there is no way to fund a court or police force. Without those, there is no way to enforce the laws against a private citizen using force or fraud to coerce another private citizen. Or what am I missing?

Re:Mozilla Corporation - Fighting for Freedom agai (1)

agm (467017) | 1 year,7 days | (#43468683)

It's hardly a country that loves freedom if it regulates people's personal lives like this.

It's a federal country. You have the freedom to leave a state that doesn't respect your freedom for one that does.

So you're saying that the US is pro-freedom, except for when it's not and in those cases you can go and live somewhere else?

How can the US be pro freedom if it actively harms people by confiscating property off them using a threat of force?

Without taxation, there is no way to fund a court or police force.

There are other ways of raising funds without resorting to extortion. Donations and lotteries come to mind.

Without those, there is no way to enforce the laws against a private citizen using force or fraud to coerce another private citizen. Or what am I missing?

You're missing the fact that in order to prevent one citizen from using force or fraud against another citizen, the state must use force and fraud against all citizens.

If their goal is to protect people from the initiation of force then they lost immediately when they fund it via compulsory means.

Re:Mozilla Corporation - Fighting for Freedom agai (5, Insightful)

Anonymous Coward | 1 year,7 days | (#43469059)

First, this is coming from a die hard libertarian.

You do realize that the idea of taxes is to pay for things that everyone uses, but would be infeasible to be run by private entities. This so called extortion you speak of is basically making you pay for that which you use. i.e. not stealing it. Any sane individual has no problem with paying taxes for public services, the disagreement comes into what should be a public service and what should not.

And your statement on fraud confirms you do not know what fraud is. I may not know everything the government does with the money I give them, but I do know that it's not swindled from me, and I do know what a lot of it goes towards. Fraud would be being told you're paying for one thing, then either not getting it at all, or getting something very different, and worth much less.

And everything is pro-freedom except when it's not. I expect to be free to do what I want, except when it violates the freedoms of other people. I don't expect to have the freedom to get in my car drunk off my ass and drive down the road. That endangers the freedom of other people to exist.

Seriously, are you trolling or just stupid?

Re:Mozilla Corporation - Fighting for Freedom agai (0)

Anonymous Coward | 1 year,7 days | (#43469715)

AC, just wanted to say thank you for a rational bit of writing! I was starting to feel sad about the Internet population again :)

I would happily call myself a libertarian if I didn't feel that capital L Libertarians had stolen the word and loaded it with poorly thought out nonsense. (Don't get me started on the economics of gold and the pros and cons of abstract currency...)

You don't sound like Libertarians I know (1)

Zontar_Thing_From_Ve (949321) | 1 year,6 days | (#43471545)

You, sir, are either not a Libertarian or you represent the 1% of the party that is actually rational.

Here's what I hear all the time from Libertarians I have known.
ALL taxes are evil. Well, OK, maybe it's necessary to pay something just to support the military so China/Russia/whoever won't invade us.
There's NOTHING that the government does that private industry can't do better and cheaper. NOTHING.
Most of the taxes paid are wasted on a bloated government.
If government didn't do anything except run the military and maybe 1 or 2 other tasks, everybody would be richer and better off in this country.

Re:Mozilla Corporation - Fighting for Freedom agai (0)

gottabeme (590848) | 1 year,7 days | (#43468727)

It's hardly a country that loves freedom if it regulates people's personal lives like this.

Balderdash. Anyone can live with whomever he wants and can make whatever kind of promises or agreements he wants with whomever he wants. The government not giving a slip of paper endorsing or verifying their private decisions is not a form of regulating their personal lives--it's the opposite! It's refusing to be involved in it! How much more freedom do you require than lack of involvement?

And yet those taxes are still there. How can the US be pro freedom if it actively harms people by confiscating property off them using a threat of force?

You're being silly. Every nation in the world has taxes, and no nation could exist with zero taxes. Taxes have been around as long as death. Your argument is preposterous and irrational.

I can't - but that doesn't mean (in any way at all) that the US is the bastian[sic] of freedom. It's not. Your government removes and dilutes your freedoms far too much.

All governments do--that's their basic function. Only by the vigilance of its citizens does a nation preserve its liberty. Thankfully, our basic rights which allow us to be vigilant are enshrined in our founding documents, a claim which few nations can make.

Is the US perfect? Hardly. Is it getting worse? Perhaps. Is there any freer nation? No.

But, hey, bashing America is easy and popular, so why not join the mob?

Re:Mozilla Corporation - Fighting for Freedom agai (1)

agm (467017) | 1 year,7 days | (#43469333)

It's hardly a country that loves freedom if it regulates people's personal lives like this.

Balderdash. Anyone can live with whomever he wants and can make whatever kind of promises or agreements he wants with whomever he wants. The government not giving a slip of paper endorsing or verifying their private decisions is not a form of regulating their personal lives--it's the opposite! It's refusing to be involved in it! How much more freedom do you require than lack of involvement?

Then why all this fuss about gay marriage? Why is bigamy illegal? Laws that criminalise those things restrict personal liberties.

And yet those taxes are still there. How can the US be pro freedom if it actively harms people by confiscating property off them using a threat of force?

You're being silly. Every nation in the world has taxes, and no nation could exist with zero taxes. Taxes have been around as long as death. Your argument is preposterous and irrational.

Just because all nations have taxation does not mean that it is impossible for a nation to exist without it. Just because taxation has been around for a long time doesn't mean it's not an infringement on our liberties.

I can't - but that doesn't mean (in any way at all) that the US is the bastian[sic] of freedom. It's not. Your government removes and dilutes your freedoms far too much.

All governments do--that's their basic function. Only by the vigilance of its citizens does a nation preserve its liberty.

The basic function of government should be to protect people from harm. They shouldn't be the ones doing the harming.

Thankfully, our basic rights which allow us to be vigilant are enshrined in our founding documents, a claim which few nations can make.

Is the US perfect? Hardly. Is it getting worse? Perhaps. Is there any freer nation? No.

But, hey, bashing America is easy and popular, so why not join the mob?

I'm not bashing the USA. I'm bashing all countries that dilute the freedoms of its citizens. (Which is all countries). Some are much better than others.

usa ranked 16th best nation to live in (0)

Anonymous Coward | 1 year,7 days | (#43470715)

sad there are at least 15 nations better to live in all nicely ranked
and all the top ten have free health care but one and all but 3 have no national debts and 8 of top ten are considered socialist democracies.
ENJOY and google for the link unless your govt or hollywood blocks it.

Re:Mozilla Corporation - Fighting for Freedom agai (1)

Anonymous Coward | 1 year,7 days | (#43469373)

Yes, your taxes are low because you have poor people living in misery! People who want to live well don't live in the USA. You live in propaganda, in a bubble where poor people are to be ignored and not to be taken care of. There are loads of better countries. I am from Scandinavia, and from our point of view the USA seems more like a third-world dictatorial country than a rich democratic country ... you should try to live somewhere else sometime ...

Re:Mozilla Corporation - Fighting for Freedom agai (1)

KiloByte (825081) | 1 year,7 days | (#43470423)

Unless you are gay and want to marry.

There are many places in America where gays can marry, and more states are considering it. We are moving in the right direction.

The same group that pushes for gays to marry also presses the hardest to outlaw polygamy, and 1-on-1 marriage between biological adults. The latter even carries massive prison sentences, and at least brands you for life.

Re:Mozilla Corporation - Fighting for Freedom agai (1)

Ironchew (1069966) | 1 year,7 days | (#43468849)

I like the US forcing its American Way on others...

Your desire to lord over me is not on an equal footing with my desire to be free.

Those two statements contradict each other, especially when "forcing its American Way on others" means an occupying force.

It is about freedom -- of association, of speech, of property.

Property is not a natural right.

Re:Mozilla Corporation - Fighting for Freedom agai (1)

HiThere (15173) | 1 year,7 days | (#43468975)

More to the point, ownership is not a right that can be defined in the absence of government....and here "government" has to be defined as "use or threat of overriding force".

Note that in this sense social animals have government, so it's broader than the normal use of the term.

For that matter, I equate "natural right" to "evolutionarily stable strategy", which means that it alters with the environment, and isn't something stable. It's also worth remembering that "money" is a government invention (King Cyrus of the Persians, IIRC) and was originally a promise that the item being offered was actually as represented. (I.e., a small bar of gold with the royal seal embossed on it.) But do note that counterfeiting arose almost immediately, so there's nothing "natural" about it without the presence of overriding force.

Re:Mozilla Corporation - Fighting for Freedom agai (0)

Anonymous Coward | 1 year,7 days | (#43470323)

Yeah, what goes around comes around. You have been trying to force your shit on others, shouting "freedom" along the way. That kind of shit will get you more terrorists coming after you.

The people you are trying to force your freedom over do care about their religion, culture, and politics. They will fight back.

Re:Mozilla Corporation - Fighting for Freedom agai (2)

Runaway1956 (1322357) | 1 year,7 days | (#43468783)

"There is no good or bad."

You were making sense, until you wrote that bit of drivel. Yes, child, there really IS good, and there really IS bad. I can agree with you that the US government often doesn't know the difference. I can agree that the US government is in no position to be the final arbiter of good and bad. But, there really are evil sumbitches in the world. A significant number of them occupy positions of power.

Re:Mozilla Corporation - Fighting for Freedom agai (1)

ArsenneLupin (766289) | 1 year,7 days | (#43469665)

Certificates are global. A single bad CA spoils the trust in all of them. So Mozilla has to pull those. (yes, this is a problem with how SSL currently works)

Re:Mozilla Corporation - Fighting for Freedom agai (1)

gmuslera (3436) | 1 year,7 days | (#43468697)

Considering how the US government is positioned for playing MITM games, and that it is putting laws in place to require information and actions from internet providers of critical services, it is tempting at the very least. But with such an aggressive player in the middle of the field, maybe it is better to just close your eyes and put a token warning in a page than to try to fix it; that will just put more in evidence how broken everything is now.

Re:Mozilla Corporation - Fighting for Freedom agai (1)

HiThere (15173) | 1 year,7 days | (#43469011)

Not quite clear what you are recommending here.

FWIW, I don't think ANY of the certificate issuing authorities are trustworthy. This doesn't mean that some aren't worse than others, and it might make sense to revoke the trust you have given to some of the worst actors, if you can do so without TOO much cost to yourself. If nothing else it would ensure that the infrastructure is in place to do the revocation. And it would encourage the weaker authorities to avoid being excessively vile.

The down side is that this will be interpreted by some as a statement that you trust those you don't revoke the certificates of.

Re:Mozilla Corporation - Fighting for Freedom agai (1)

gmuslera (3436) | 1 year,7 days | (#43469151)

Let's put it this way. The US security agencies already have access to, and are actively using, google/facebook/twitter and so on information, with no need to get into the encrypted communication. But what about other sites, especially the ones not hosted in the US but that could use certificates to encrypt communication? If they don't already have pretty broad (i.e. for *.com) or reissued certificates, they will start to ask for them pretty soon.

On the other hand, not trusting any certificates from any US-based company will show almost any secure site as untrusted, whether intercepted or not. Would you use your credit card, enter personal data, or download binaries to execute on a site with a big red warning telling you that the site could be fake? There is no middle ground: either it can't be trusted or it can; there is no space to say "it can be examined or modified as anything that goes through something US related".

Re:Mozilla Corporation - Fighting for Freedom agai (3, Interesting)

TheLink (130905) | 1 year,7 days | (#43469137)

I use certificate patrol. It basically warns you if a cert has changed suspiciously, or if the CA has changed.

It's flawed in that it only remembers one cert per domain for comparison and nowadays for whatever reasons companies like facebook and Google often use different certs signed by different CAs for the same domains and spread the load/connections amongst them. So you can get more warning prompts than you'd want.

This doesn't mean the concept is broken though, just that Certificate Patrol's particular implementation has room for improvement.

The desired case is, if at home you decide that the different certs you get from gmail or facebook are OK (and told the plugin to ignore them), then go to some foreign country and suddenly you get certs that are signed by TeliaSonera, you'd get a warning message and you'd know that something was up and choose not to login.

Same goes for logging in to your bank/corporate site while on a business trip to China. If the cert changes unexpectedly - from being signed by say Equifax to being signed by CNNIC, you should get a warning too.
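A sketch of the per-site certificate memory described in the comment above, extended to remember several accepted certificates per host so that load-balanced sites stay quiet while a change of issuing CA still raises a warning. This is an added example, not Certificate Patrol's code and not part of the original post; the class, the verdict names, the `issuer_id` strings and the sample observations are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field

# Verdicts, from quiet to loud.
FIRST_SEEN = "first-seen"              # nothing remembered for this host yet
KNOWN = "known"                        # this exact certificate was accepted before
NEW_CERT_SAME_CA = "new-cert-same-ca"  # different cert, issuer already accepted
NEW_CA = "new-ca"                      # issuer never accepted for this host: warn


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()


def _norm(host: str) -> str:
    """Case and a trailing dot must not create a second, unpinned identity."""
    return host.strip().rstrip(".").lower()


@dataclass
class HostPins:
    certs: set = field(default_factory=set)    # accepted certificate fingerprints
    issuers: set = field(default_factory=set)  # accepted issuer identifiers


class PinStore:
    """Remembers every accepted (certificate, issuer) per host, not just one."""

    def __init__(self):
        self._hosts = {}

    def check(self, host: str, cert_der: bytes, issuer_id: str) -> str:
        # issuer_id is assumed to be a stable identifier of the issuing CA,
        # e.g. a hash of its public key. A display name alone would not do,
        # because any CA can choose the name it puts in a certificate.
        pins = self._hosts.get(_norm(host))
        if pins is None:
            return FIRST_SEEN
        if fingerprint(cert_der) in pins.certs:
            return KNOWN
        if issuer_id in pins.issuers:
            return NEW_CERT_SAME_CA
        return NEW_CA

    def accept(self, host: str, cert_der: bytes, issuer_id: str) -> None:
        """Record an explicit 'this one is fine' decision."""
        pins = self._hosts.setdefault(_norm(host), HostPins())
        pins.certs.add(fingerprint(cert_der))
        pins.issuers.add(issuer_id)

    def observe(self, host: str, cert_der: bytes, issuer_id: str) -> str:
        """Check, then remember automatically unless the issuer is new.

        First contact is trust-on-first-use: it only helps if that first
        connection was made on a network the user considers clean.
        """
        verdict = self.check(host, cert_der, issuer_id)
        if verdict != NEW_CA:
            self.accept(host, cert_der, issuer_id)
        return verdict


def demo():
    """Constructed observations: three at home, then one on a foreign network."""
    store = PinStore()
    at_home = [
        ("bank.example", b"constructed-cert-1", "ca-key:equifax"),
        ("bank.example", b"constructed-cert-2", "ca-key:equifax"),   # rotation
        ("Bank.Example.", b"constructed-cert-1", "ca-key:equifax"),  # same host
    ]
    verdicts = [store.observe(*seen) for seen in at_home]
    abroad = ("bank.example", b"constructed-cert-3", "ca-key:cnnic")
    verdicts.append(store.observe(*abroad))
    # Not auto-accepted, so the warning repeats until the user decides.
    verdicts.append(store.check(*abroad))
    return verdicts


if __name__ == "__main__":
    print(demo())
```
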

Re:Mozilla Corporation - Fighting for Freedom agai (2)

L4t3r4lu5 (1216702) | 1 year,7 days | (#43470163)

I would argue that anyone logging in to their corporate site from China without using a VPN with a self-signed certificate is doing it wrong. Hell, I'm going on holiday to Australia later in the year and I'm setting up a VPN to my home network so I can use email etc without worrying about my credentials being lifted by any local agency. I know it's a little much for most home users, but for anyone with even an inkling of tech knowhow or a corporate user it should be mandatory.

Decentralised is the way to go. (4, Insightful)

Anonymous Coward | 1 year,7 days | (#43466885)

Instead of trusting any of these companies (they'll sell to the US government as well, I'm sure), why not switch to Convergence [wikipedia.org] ? It reduces the need to trust companies like this.

Mozilla (and Google, and other browser makers) should include it by default in all their products (even if turned off) to make it easier for people to switch away from centralised systems. Viva le revolucion.

DNSSEC for certificate distribution (3, Interesting)

crow (16139) | 1 year,7 days | (#43467213)

I'm not particularly impressed with Convergence in particular. What seems to make the most sense is to self-publish SSL certificates using DNSSEC.

Re:DNSSEC for certificate distribution (1)

radiumsoup (741987) | 1 year,7 days | (#43467273)

now this... this seems like something I'd be interested in reading about. Is there some real discussion about this, or did you come up with it yourself? (It's not a bad idea at all at first blush)

Re:DNSSEC for certificate distribution (1)

Anonymous Coward | 1 year,7 days | (#43467579)

http://tools.ietf.org/html/rfc6698
http://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities

In short, it's very new and no browser has serious support for it. Except maybe the Chromium dev channel.
https://wiki.mozilla.org/Security/DNSSEC-TLS-details#Google_Chrome

Re:DNSSEC for certificate distribution (1)

Znork (31774) | 1 year,7 days | (#43467411)

I don't quite get how DNSSEC will solve anything, doesn't DNSSEC use trust anchors that can be just as compromised as the current SSL 'trust'?

Or is there some special extra trustworthiness that makes the root signers more immune to coercion or trickery?

Re:DNSSEC for certificate distribution (2, Interesting)

Anonymous Coward | 1 year,7 days | (#43467687)

Proper DNSSEC uses a single trust anchor for the root "." that can validate the delegated registries (com., net., uk., fr.). DLV registries were a hack until the root zone got signed, which has now happened.

For DNSSEC to work you need to validate the responses of signed zones and you need to trust their corresponding registries (for .com Verisign). The person signs their zone (example.com) and pushes their public key up to Verisign in the form of DS record. The registry can remove the public key, causing the zone to be DNSSEC unsecure (the usual case with most domains) OR they can modify the public key causing SERVFAIL for DNSSEC aware resolvers OR they can modify the public key and the authoritative nameservers for your domain and do whatever they want... since they are the registrar. Bottom line: if you don't trust the registrar for your domain, you are already screwed.

If you don't already have control of your own authoritative DNS servers then your host could be forced to change the records anyway. It's all a horrible mess.

Re:DNSSEC for certificate distribution (2)

slimjim8094 (941042) | 1 year,7 days | (#43468289)

It's not some entity other than the one who's already directing you to the website. Presumably if it were easier to redirect at the DNS level as opposed to MITMing and getting a fake certificate, people would be doing that instead. It also makes any compromise much more visible and reduces the number of people you need to trust absolutely.

Re:DNSSEC for certificate distribution (1)

Engeekneer (1564917) | 1 year,7 days | (#43469945)

I partly agree, but there are problems with just trusting DNSSEC.

In the current situation, to impersonate an SSL protected site you need to MITM in some way (e.g. DNS spoofing), and get a valid certificate for the domain. So you have to at least attack two different security measures (even if MITM is simple for some entities).

If certificate info is published in DNSSEC you need to compromise only one place to achieve both MITM and add fake certificates. Sure it might be harder, but if this method was used, I bet that the attacks on DNS servers would go up a lot.

Re:Decentralised is the way to go. (2)

bill_mcgonigle (4333) | 1 year,7 days | (#43469185)

A great feature of Convergence is the ability to have multiple signatures. HTTPS needs this too. Imagine the current scenario where gmail regularly has 25 signers on its certificate and then one day there is only one. With something like EFF's HTTPS Everywhere SSL Observatory, this could be flagged.

But, switching TLS signing to PGP is a big deal and not backwards compatible. What I'd like to see (somebody else do this so I don't have to) would be an extension that would allow multiple certificates to be presented to the client. Old clients would just get the first one, newer clients could get multiple certs from a server. Klunky, yes, but backwards compatible.

fuck yeah mozilla (-1)

Anonymous Coward | 1 year,7 days | (#43466887)

fuck yeah.

There are many others. (4, Insightful)

Anonymous Coward | 1 year,7 days | (#43466949)

Mozilla still includes all kinds of questionable cert authorities. Once I learned that, I had to go through my default Firefox installs and remove all the ones by Chinese government arms and similar.

Why single out these countries? I will never need a cert signed by a foreign government - ANY foreign government. There are probably only about 5% of authorities I actually might trust included in Firefox. The rest are illegitimate for 99% of users.

Re:There are many others. (4, Insightful)

interval1066 (668936) | 1 year,7 days | (#43466979)

I will never need a cert signed by a foreign government - ANY foreign government.

I'm having a hard time with trusting domestic governments as well.

Re:There are many others. (0)

Anonymous Coward | 1 year,7 days | (#43468287)

That's why we ought to allow for multiple CAs per attestation. If both the US government and Chinese government believe a public key belongs to someone, I trust that more than I trust either certification alone.

Similar concept: if TeliaSonera is unable to prove to the Mozilla team that they aren't influenced by governments (but let's say there also isn't any strong evidence that they are influenced), then you don't need to totally pull them. Set them to 0.1 trusted; enough that their attestation as to someone's identity might be able to push someone over a threshold score of 0.85 (or whatever some particular use case requires), but not so much that they're totally trusted to be the sole authority. No one but the user should ever be able to be a sole authority.

Re:There are many others. (1)

FrangoAssado (561740) | 1 year,7 days | (#43468913)

That's a nice idea, but it doesn't really solve the underlying problem. Imagine that you're convinced that TeliaSonera is friendly to governments in Central Asia (as the story seems to imply). So it would make sense to trust them (a lot) to attest government-friendly identities in that region. But it would be silly to trust them (at all) for anything else.

In the end, trust in a CA has context. It's not enough to simply assign a number to convey how much you trust a particular CA; what you're really interested in is how much you trust a particular CA to attest a particular identity.

Re:There are many others. (1)

HiThere (15173) | 1 year,7 days | (#43469039)

While your point has merit, context is a really tricky problem. A weight is something simple and easy...and could be implemented without slowing things down much.

OTOH, I certainly feel that individuals should be able to adjust the weights easily.

Question: Should the CA be able to determine whether or not a particular site trusts them? If not, how do you indicate the amount of trust (since you don't want to just block)? Things get complicated quickly.

Re:There are many others. (2)

rtfa-troll (1340807) | 1 year,7 days | (#43469471)

Mozilla still includes all kinds of questionable cert authorities.

Oh yes? Please list them and link to a certificate provided by one of them which has been issued without the permission of the party it has reputedly been issued to. Specifics please. This is the criteria, more or less the only criteria, which makes a cert authority questionable. Otherwise you are just (correctly) questioning the CA system which doesn't do what you think it does.

Surely, no American company would stoop so low... (0)

dragisha (788) | 1 year,7 days | (#43467007)

As to sell services to dictatorships?! Of course not!

But those Swedes (and Fines == Swedes in disguise... Or it's vice versa?) they are capable of anything. Just remember that Finish (his mother's tongue is Swedish, ha!) guy who invented Linux, and you will understand what they are capable of!

Mozilla, please stop them!

Re:Surely, no American company would stoop so low. (-1)

Anonymous Coward | 1 year,7 days | (#43467257)

Fines should be Finns and Finish should be Finnish.

Penis.

Re:Surely, no American company would stoop so low. (0)

Anonymous Coward | 1 year,7 days | (#43469331)

Goes to show that a low UID is not a guarantee of smarts...

Re:Surely, no American company would stoop so low. (0)

Anonymous Coward | 1 year,7 days | (#43469545)

And you think you are smart? :)

You Probably should make sure first (0)

Anonymous Coward | 1 year,7 days | (#43467079)

" Mozilla's concern is that TeliaSonera has possibly issued certificates that allow hardline government servers to masquerade as legitimate websites — so-called man-in-the-middle attacks — and decrypt web traffic."

Maybe they should check first to see if they have issued the certificates, otherwise they could find themselves in a world of hurt

Good to see (4, Interesting)

starfishsystems (834319) | 1 year,7 days | (#43467205)

It's good to see browser maintainers recognizing that the browser is an essential - albeit uncertified - part of HTTPS authentication.

The preinstalled root certs have enormous leverage. If the validation of certificate requests performed by CAs is a known weak link in X.509, how much more so the point where those CAs are designated as trusted?

Thanks to the efforts of Mozilla, among others, we have a much more diverse browser ecosystem than even a few years ago. To some extent at least, the free market can decide which browser to use. I know that I'm more inclined to use a product that is squarely on the side of human rights than one which can be used as an instrument of oppression. And these difficult questions of policy and enforcement provide a chance for Mozilla to distinguish itself, which I think it's doing very ably.

Mozilla supports the Internet Civil Rights Bill in (1)

Anonymous Coward | 1 year,7 days | (#43468257)

Brazil. [mozilla.org] So this kind of action is a natural extension of that.

Re:Good to see (2)

girlintraining (1395911) | 1 year,7 days | (#43469427)

I know that I'm more inclined to use a product that is squarely on the side of human rights than one which can be used as an instrument of oppression.

Then you may want to consider not using Mozilla. They're talking about pulling the certificate authority of a half dozen smaller countries on the suspicion that it has cooperated with those governments' lawful requests to monitor their citizens internet access. Or as it is called on slashdot, "spying." But here's the thing: There's no proof. It's just a suspicion... and it's a suspicion based on guilt by association no less.

So Mozilla is proposing forcing some of the people in these countries to use insecure communications on the suspicion that their governments may be trying to force their citizens to use insecure communications.

Sounds legit.

Re:Good to see (1)

starfishsystems (834319) | 1 year,7 days | (#43469841)

The willingness to hear about suspicions is a necessary part of gathering evidence, it's not a final assessment of evidence. "Talking about" doing something is a necessary part of due process, it's not the final outcome. If you don't understand these basic distinctions already, please give them some thought.

Speaking of weighing evidence, can you be a little more specific than a vague reference to "half a dozen smaller countries"? It's not possible to take such claims seriously. They certainly don't constitute grounds to think less of Mozilla, but they do raise doubts about you if this is your best way of establishing credibility. (And no, you can't date my daughter either, in case you were wondering. You're definitely not in her league.)

Purely in terms of policy, I'm more inclined to favor removing a questionable root cert than installing it on the off chance that it will be missed. You're claiming that its removal will "force" citizens to "use insecure communications" when such is not remotely the case:
  • If you're serious about security, you can generate your own cert for free, or set up your own CA for that matter. It's done all the time. I've personally led four large internal PKI initiatives: two for industry, one for academic research and one for government. This approach is more robust than going to a third party CA.
  • You're not forced to do anything when one particular CA has come under a shadow of doubt; there are hundreds of CAs who will be delighted to sign your cert request in exchange for a modest fee and a pathetic level of background verification. The "weak link" CA problem is not due to scarcity but to excess. And finally,
  • There's nothing stopping you from installing any root cert you like, including reinstalling the very certs that the browser maintainers have determined are suspicious. Go for it. Have a blast.

Re:Good to see (1)

girlintraining (1395911) | 1 year,7 days | (#43470181)

Speaking of weighing evidence, can you be a little more specific than a vague reference to "half a dozen smaller countries"? It's not possible to take such claims seriously. They certainly don't constitute grounds to think less of Mozilla, but they do raise doubts about you if this is your best way of establishing credibility. (And no, you can't date my daughter either, in case you were wondering. You're definitely not in her league.)

From the summary of the article: "Azerbaijan, Kazakhstan, Georgia, Uzbekistan and Tajikistan". And no, I wouldn't want to date your daughter, if she's got a personality anything like yours though, I can well imagine your desperation to find her someone.

Re:Good to see (1)

ftobin (48814) | 1 year,6 days | (#43471323)

I don't see how people are being forced to use insecure communications. Websites can choose to get certificates from wherever they want. All this does is take out one of the certificate providers.

SSL is broken by design (3, Interesting)

ivrogne (2498422) | 1 year,7 days | (#43467245)

Why doesn't everyone use SRP [wikipedia.org] instead?
- User proves it has password without divulging any data.
- Man in the middle obtains zero information.
- Generates encryption key for rest of the connection.

Re:SSL is broken by design (1)

Anonymous Coward | 1 year,7 days | (#43467727)

In order to prevent active attacks, you need something to base the trust off of. In SSL, CAs are used, which is quite questionable because there's a lot of them with lots of different possible influences. In SRP, a shared secret (in the form of a password entered by the user) is used. That requires (1) somehow prearranging a shared secret and a related (2) a way of handling the user losing that shared secret. It seems like a good idea for applications like banking where you have a pre-existing relationship with the website and they can communicate with you out-of-band (similar to how they mail you the PIN code for an ATM card). I would certainly like that to be common place. I guess for websites with logins you could use normal SSL initially to setup an account and then use SRP to login. That still requires the weaker SSL, but it means that attacks cannot be done as easily at least.

Re:SSL is broken by design (0)

Anonymous Coward | 1 year,7 days | (#43467735)

I think SRP assumes you already know the key of who you're trying to talk to. I'm not seeing anything that implies it could replace SSL's chain of trust model for key discovery.

Re:SSL is broken by design (1)

cbhacking (979169) | 1 year,7 days | (#43468527)

In this particular instance, you actually want to say "password" of the person - it's actually right there in the protocol name - but yes. SRP is fantastic for situations where you want to authenticate over an unsecured connection. It is incapable of handling registration over such a connection though, unless there's somebody else's password you use first to establish a secure channel. This means it is not a viable replacement for SSL/TLS in common web usage.

SRP does also have a "key" of sorts, but it's public info. Additionally, the server doesn't actually store the password, only a password verifier. Once a password is verified, as a side effect of the verification both sides now have a high-entropy random value which has never been sent over the wire and cannot be deduced from traffic that was (without knowledge of the password); this value is suitable for a symmetric session key. In many ways, SRP looks like an ideal protocol... until you ask how the server gets the password verifier in the first place. Doing that part over an unsecured channel opens you up to MitM attack as surely as trusting a malicious SSL certificate authority does.
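The exchange described in the comment above, as an added example that is not part of the original post: an SRP-6a login in which the server holds only a salt and a password verifier, and both sides end up with the same session key only when the typed password matches. It assumes the 1024-bit group from RFC 5054 Appendix A, uses SHA-256 with fixed-width padding (so it is not wire-compatible with any deployed SRP implementation), and runs both roles in one function; `register` and `login` are illustrative names.

```python
import hashlib
import secrets

# 1024-bit group from RFC 5054, Appendix A (generator 2).
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
    16,
)
g = 2
NLEN = (N.bit_length() + 7) // 8


def _b(i: int) -> bytes:
    """Fixed-width big-endian encoding, so hashed concatenations are unambiguous."""
    return i.to_bytes(NLEN, "big")


def H(*parts) -> int:
    h = hashlib.sha256()
    for p in parts:
        h.update(_b(p) if isinstance(p, int) else p)
    return int.from_bytes(h.digest(), "big")


def _x(salt: bytes, user: str, password: str) -> int:
    """Private exponent derived from the password; never leaves the client."""
    inner = hashlib.sha256(f"{user}:{password}".encode()).digest()
    return H(salt, inner)


def register(user: str, password: str) -> dict:
    """What the server stores. This step needs an already trusted channel:
    whoever delivers the verifier decides which password will later match."""
    salt = secrets.token_bytes(16)
    return {"user": user, "salt": salt, "verifier": pow(g, _x(salt, user, password), N)}


def login(record: dict, user: str, password: str):
    """Run one exchange; return (client_key, server_key)."""
    k = H(N, g)

    # Client -> server: user name and public ephemeral A.
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)

    # Server: reject degenerate A, reply with salt and public ephemeral B.
    if A % N == 0:
        raise ValueError("server: invalid A")
    v = record["verifier"]
    b = secrets.randbelow(N - 2) + 1
    B = (k * v + pow(g, b, N)) % N

    # Client: reject degenerate B and u.
    u = H(A, B)
    if B % N == 0 or u == 0:
        raise ValueError("client: invalid B or u")

    # Client side: needs the password (through x), never sends it.
    x = _x(record["salt"], user, password)
    s_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)

    # Server side: needs only the stored verifier.
    s_server = pow(A * pow(v, u, N) % N, b, N)

    return hashlib.sha256(_b(s_client)).digest(), hashlib.sha256(_b(s_server)).digest()


if __name__ == "__main__":
    rec = register("alice", "constructed-password")
    ck, sk = login(rec, "alice", "constructed-password")
    print("keys match with the right password:", ck == sk)
    ck, sk = login(rec, "alice", "guess")
    print("keys match with a wrong password:", ck == sk)
```
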

Why not TLD scope CAs (1)

Anonymous Coward | 1 year,7 days | (#43467259)

Presumably 99.9999% of US Government certs are in .mil and .gov, and 99.99999% of chinese-government-puppet certs are in CN, etc.

Seems to me that the exposure could be enormously narrowed by scoping all of the obscure CAs to the one or two TLDs where they are most commonly used.

it will be hard to not drop them now (2)

roozta (756636) | 1 year,7 days | (#43467965)

Interesting discussion on the Mozilla forum. In light of the information so far, it seems like it would be difficult for Mozilla to keep TeliaSonera as trusted and not lose face. It will be interesting to see what kind of implications this has going forward in regards to dealing with other CAs that have practices or relationships that might fall into the similar shady areas as TeliaSonera. There are some forum posts mentioning that maybe Cybertrust (acquired by Verizon - known for participating in surveillance activity) and Entrust (related to BlueCoat via Thoma Bravo) as possibly requiring similar scrutiny.

So what is the procedure to protect yourself (1)

Marrow (195242) | 1 year,7 days | (#43468385)

If there are Authorities you do not need in the browser list, how do you choose which ones to untrust? What if you only use https with a few sites, should you just look at the information and whitelist only those?

And why do the browsers have different lists (1)

Marrow (195242) | 1 year,7 days | (#43468469)

Firefox works from a list that's different than Chrome. I assume that there is another list again for people writing software for https connections. Maybe that's why I see the ssl libraries updating on my machine? If this is broken, then why is there not software available to "tune it" or test it so that it can be made to work?
Can the web server see what Cert you used? Can they tell that a fake cert was used? Maybe it should draw a warning on your pages that the cert authority had no business issuing the cert that was used?
Turn every browser in to a cert tester. Obviously you trust your browser.

So my email will stop working (0)

Anonymous Coward | 1 year,7 days | (#43469089)

Surely Thunderbird will omit the same certificates and my company and private email stop working without the trouble because TeliaSonera decided to follow the law in the countries it operates in, and some political activists don't like it. Now, I'm all for political freedoms and human rights but no fucking way you do touch my livelihood. I haven't oppressed anybody except the /. with my cowardly anonymous comments.
Peoples of the world are responsible for their own freedom, or lack of it. That is democracy, freedom and self-determination, which nobody can give to them by any means.
--
Cowardly Dramatic Activist who after some theatrical comments considers switching email and browser, once again.

PLEASE MOZILLA (0)

Anonymous Coward | 1 year,7 days | (#43469189)

Restrict SSL certificates to just the domains they should vouch for.

In this case, TeliaSonera might (or might not) be trusted for domains like se, kz or az, but they definitely shouldn't be trusted for uk, us or cn.

Yes, we need to find something better than certificate authorities in the long term, but let's apply common sense and try to limit the mayhem a bad CA can cause now. It's easy, practically free and compatible with current technology.
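The scoping asked for in this comment and in the earlier "Why not TLD scope CAs" comment is the rule X.509 name constraints (RFC 5280) define for DNS names: a name is in scope when it equals a permitted subtree or adds labels to its left. The following is an added example, not Mozilla's code and not part of either post; the scope table is constructed from the comment's own se/kz/az illustration and the function names are hypothetical.

```python
# Constructed policy following the comment's example; not a real trust store.
# A CA that is absent from the table is treated as unconstrained.
SCOPES = {
    "TeliaSonera": ("se", "kz", "az"),
}


def _labels(name: str) -> list:
    """Split a DNS name into lower-case labels, tolerating one trailing dot."""
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    labels = name.split(".")
    if not name or any(label == "" for label in labels):
        raise ValueError(f"malformed DNS name: {name!r}")
    return labels


def within(name: str, subtree: str) -> bool:
    """True when `name` is `subtree` itself or has extra labels on the left.

    The comparison is per label, so 'example.notse' is not inside 'se' and
    'se.example.com' is not either.
    """
    n, s = _labels(name), _labels(subtree)
    return len(n) >= len(s) and n[-len(s):] == s


def out_of_scope(ca: str, dns_names: list) -> list:
    """Names in a certificate that the issuing CA is not allowed to vouch for.

    Every subjectAltName DNS entry has to be checked: one in-scope name must
    not be able to carry an out-of-scope one along in the same certificate.
    """
    scope = SCOPES.get(ca)
    if scope is None:
        return []
    return [n for n in dns_names if not any(within(n, s) for s in scope)]


def acceptable(ca: str, dns_names: list) -> bool:
    """A certificate passes only if it names something and all names are in scope."""
    return bool(dns_names) and not out_of_scope(ca, dns_names)


if __name__ == "__main__":
    # Constructed certificates: (issuer, DNS names in subjectAltName).
    samples = [
        ("TeliaSonera", ["www.example.se", "*.example.se"]),
        ("TeliaSonera", ["mail.example.kz", "login.example.co.uk"]),
        ("TeliaSonera", ["example.notse"]),
    ]
    for ca, names in samples:
        print(ca, names, "->", "ok" if acceptable(ca, names) else out_of_scope(ca, names))
```
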

Haha. Ok, what about Verisign/etc? (5, Insightful)

X.25 (255792) | 1 year,7 days | (#43469677)

I mean, they've been issuing intermediate CA certs to various 'friendly' governments and agencies, to support MITM (for 'lawful interceptions' only, of course).

Will Mozilla remove them too, since they seem to be breaching that same policy?

Impact for me. (1)

Z00L00K (682162) | 1 year,7 days | (#43469713)

Since I'm supporting an application that uses TeliaSonera certificates on the web server.

And changing to another certificate is probably not on the map since it runs at TeliaSonera.

Re:Impact for me. (1)

EmperorArthur (1113223) | 1 year,7 days | (#43469923)

If they follow through with it, and if the other browser makers follow them, then you won't have to worry about it.

A CA's business is all based on trust. As soon as they're known to be untrustworthy then they're dead. Well, for any commerce or banking site at least. I expect the governments to still use them though. Even being suspect is enough to drive business away.

What we need is browsers pushing DNSSEC. Users are trained to look for the green padlock. If you display it as say yellow for a secure site without DNSSEC your users will start to notice. Once DNSSEC becomes mainstream you can use that for key signing as described in other posts on this topic.

dangerous territory (4, Insightful)

stenvar (2789879) | 1 year,7 days | (#43470069)

US, Canadian and European governments also spy on their citizens. So Mozilla now needs to determine whose spying is good and whose spying is bad. I'm not sure that's a business that Mozilla should be in.

Perhaps a better solution would be to make it easier and more user friendly for people to detect questionable certificates and choose which certificates you trust. But, of course, that would upset Western governments...
