
Trustwave admits issuing a root certificate to a third party.

Sources: ComputerWorld article and post on lwn.net

In short, the essence of the article: Trustwave admits that it issued a subordinate root certificate to a third-party company. This means that Horn-and-Hoof Company Ltd. can, with such a certificate, sign anything without involving the certificate authority. For example, such a certificate can be used for man-in-the-middle attacks, which the user simply cannot detect.
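As an added illustration (not from the original post or the articles it cites), the script below uses the openssl CLI to build a throwaway root, subordinate CA and leaf, then validates the chain as a client that trusts only the root. It compares an unconstrained subordinate CA with one carrying the X.509 nameConstraints extension, a scoping control the post does not discuss; all names (Demo Root, corp.example.test, www.example.org) are constructed.

```shell
# Constructed demo: every name here (Demo Root, corp.example.test, ...) is made up.
# verify_leaf MODE -> exit status of `openssl verify` (3 = setup failed).
# MODE "open": sub-CA without nameConstraints; "constrained": limited to one DNS subtree.
verify_leaf() (
  d=$(mktemp -d) || exit 3
  trap 'rm -rf "$d"' EXIT
  cd "$d" || exit 3
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[root_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[open]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[constrained]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
nameConstraints = critical,permitted;DNS:corp.example.test
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:www.example.org
EOF
  key="-newkey rsa:2048 -nodes -config pki.cnf"
  {
    # Root CA, standing in for the publicly trusted authority.
    openssl req -x509 $key -extensions root_ca -subj "/CN=Demo Root" \
      -keyout root.key -out root.pem -days 1 &&
    # Subordinate CA handed to a third party; its extensions depend on MODE.
    openssl req -new $key -subj "/CN=Demo Sub CA" -keyout sub.key -out sub.csr &&
    openssl x509 -req -in sub.csr -CA root.pem -CAkey root.key -CAcreateserial \
      -extfile pki.cnf -extensions "$1" -out sub.pem -days 1 &&
    # Leaf for a domain outside the third party's own network.
    openssl req -new $key -subj "/CN=www.example.org" -keyout leaf.key -out leaf.csr &&
    openssl x509 -req -in leaf.csr -CA sub.pem -CAkey sub.key -CAcreateserial \
      -extfile pki.cnf -extensions leaf -out leaf.pem -days 1
  } >/dev/null 2>&1 || exit 3
  # A client that trusts only the root validates the presented chain.
  openssl verify -CAfile root.pem -untrusted sub.pem leaf.pem >/dev/null 2>&1
)

for mode in open constrained; do
  if verify_leaf "$mode"; then echo "$mode: leaf for www.example.org ACCEPTED"
  else echo "$mode: leaf for www.example.org REJECTED"; fi
done
```

With the unconstrained subordinate the chain validates for a domain the third party has no claim to; with the critical nameConstraints extension the same leaf fails verification.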

The following quote is particularly gratifying: "In its defense, Trustwave says that issuing a third-party root certificate to analyze the SSL traffic of the company's internal network is a common practice."

What this can lead to:

1. Trustwave may be removed from the trusted root certificate stores. Sadly, innocent companies that have bought certificates for their domains will suffer.

2. In the future, this may be blown up into a big scandal that will shake the position of every company in the business of selling thin air in the form of certificates.

3. In light of the above quote, the credibility of SSL may also be greatly undermined.

I can’t draw any conclusions from this situation yet. So far, nothing comes to mind except the words "damn it yourself". Still, I do not envy our paranoid comrades, and I foresee an increase in the use of VPN services :).

Source: https://habr.com/ru/post/138000/

