On Mon, Jan 11, 2016 at 1:45 PM, Jakob Bohm <jb-mozi...@wisemo.com> wrote: > On 09/01/2016 19:22, Kai Engert wrote: >> >> On Sat, 2016-01-09 at 14:11 +0000, Peter Gutmann wrote: >>> >>> That would have some pretty bad consequences. With the MITM CA cert >>> enabled, >>> Borat [0] can read every Kazakh user's email, but no-one else can. With >>> the >>> MITM CA blacklisted, Borat can still read every Kazakh user's email, but >>> so >>> can everyone else on the planet. So the choice is between privacy >>> against >>> everyone but one party, and privacy against no-one. >> >> >> I don't understand why blacklisting a MITM CA would enable everyone to >> read the >> data that passes through the MITM. Could you please explain? (It sounds >> like >> there is either a misunderstanding on your or on my side.) >> > > He is obviously referring to the fact that refusing to encrypt using > the MiTM certificate would force users to access their e-mails (etc.) > using unencrypted connections (plain HTTP, plain IMAP, plain POP3 > etc.), thus exposing themselves to wiretapping by parties other than > the government in question.
That does not concern me. What does concern me is that a user of the Web believes that their communications are encrypted when they are not. The browser should break when communication is not possible without interception by a third party. In this particular case the party has demonstrated its intention to use the CA to create MITM certificates. I suggest that as soon as evidence of such certificates is seen, the CA be blacklisted. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy