Thursday, April 30, 2015

Private I: Apple's Chinese market share may affect security judgment

---Come on Apple, get with the program. This is a KEY, KEY, KEY reason why
doing business with China is bad, bad news - it totally affects what people
should be doing, what is right and just.

Google sounded the alarm March 23 about what turned out to be the
egregiously bad idea of Chinese domain registrar and CA, CNNIC, to pass on
authority for its root certificate - the secret encryption material used to
countersign any certificate it issues - to a reseller for an ostensibly benign
or limited purpose.

The reason this was a problem is that with that information, a party can
create forged certificates for any domain in the world that a browser, email
client, or other software would accept as perfectly valid. That's a
problem - it breaks trust the world over, and imperils both privacy and
safety:

Microsoft removed just the intermediate certificate and issued a tepid
security note. Apple has said... nothing. CNNIC's root certificate remains in
Apple's trusted set in OS X (which can be viewed in Keychain Access), and
the company hasn't spoken publicly. (A query I made weeks ago received no
response to date.)


Read more:
http://www.macworld.com/article/2916901/private-i-apples-chinese-market-share-may-affect-security-judgment.html
