MozillaWiki

CA:MaintenanceAndEnforcement: Difference between revisions

Page Discussion

CA:MaintenanceAndEnforcement (view source)

Revision as of 17:14, 8 November 2012

336 bytes removed ,  8 November 2012
m
→‎Risks to Consumers
Line 54: Line 54:
* Revealing personal information such as usernames and passwords.  
* Revealing personal information such as usernames and passwords.  
* Downloading malware if they believe it’s coming from a trusted site. The malware can contain malicious content or software.
* Downloading malware if they believe it’s coming from a trusted site. The malware can contain malicious content or software.
There is currently no complete technical solution that allows browsers to detect mis-issued certificates, so we usually learn about mis-issued certificates from an inquisitive user, a CA, or another browser vendor. Once we learn about a mis-issued certificate we do a software update to add the relevant certificate(s) to a blacklist.


It is important to note that possession of the mis-issued certificate alone does not allow an attacker to do anything. They also need some control of the victim's network connection. This means that the most likely attacks are either very localized (shared WiFi, local network compromise) or very broad (governments).
It is important to note that possession of the mis-issued certificate alone does not allow an attacker to do anything. They also need some control of the victim's network connection. This means that the most likely attacks are either very localized (shared WiFi, local network compromise) or very broad (governments).
Kathleen Wilson
Confirmed users, Administrators
5,526

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/486060"