On 16/04/14 09:52 PM, Radu Hociung wrote:
> Greetings,
>
> I believe the presence of Startcom's root CA enables much of the Internet
> user population to be MITM'd via pkeys leaked (due to the Heartbleed bug),
> whose owners won't pay Startcom to revoke their respective certs.
>
> The decision to not revoke is an economic one for most customers of the "Free
> StartSSL cert", and even if those customers change pkeys and switch to other
> CAs for their certificates, the users of their websites remain at risk until
> the StartSSL certs expire.
>
> In this case, Startcom's business model indirectly puts a lot of end users at
> risk of MITM, and thus makes it incompatible with their goal of securing
> communications.
>
> IMO, the way to plug this gaping hole is to remove Startcom's CA from the
> list of trusted issuers.
>
> Such an action would break a lot of websites, potentially causing more harm
> than allowing some of these sites to be MITM'd. But knowingly allowing
> (possibly widespread) MITM does not seem like a good alternative either, and
> would further erode the general population's trust in SSL.
>
> Thank you,
> Radu.
There's too much impact from removing a widely used CA from the trust store. It's not really feasible, unless they do something horrifically bad. It's a lot more feasible to keep it around so sites continue to work over "secure" connections, but without showing users either a green lock or shinier green EV lock.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy