[Moderator's note: Top posting is considered untasteful. --Perry] It doesn't need to be malicious. It depends on the situation.
For example, lots of corporations do SSL session inspection using products like Bluecoat. The Bluecoat does a MiTM attack to expose the plaintext for analysis, and expects that corporate users trust the certificate it provides (and have pushed it out to all corporate browsers). If you've just loaded Firefox, it won't have that "trusted" cert loaded by default, and you'll see exactly the below. Ian. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chad Perrin Sent: Saturday, November 15, 2008 8:29 AM To: cryptography@metzdowd.com Subject: Re: unintended? On Fri, Nov 14, 2008 at 01:26:29PM +0000, [EMAIL PROTECTED] wrote: > (snicker) from the local firefox > .... > > en-us.add-ons.mozilla.com:443 uses an invalid security certificate. > > The certificate is not trusted because the issuer certificate is not trusted. > > (Error code: sec_error_untrusted_issuer) What does Perspectives have to say? What installation of Firefox did you use? I don't have that problem when I visit: https://addons.mozilla.org/en-US/firefox/ Do you perhaps have some kind of malicious redirection going on there? -- Chad Perrin [ content licensed PDL: http://pdl.apotheon.org ] John Kenneth Galbraith: "If all else fails, immortality can always be assured through spectacular error." --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]