Re: New MITM cert incident - Cyberoam
Daniel Veditz <dveditz <at> mozilla.com>
2012-07-05 02:07:19 GMT
On 7/4/12 10:34 AM, John Nagle wrote:
> A CA called Cyberoam appears to have issued a wildcard cert to
> enable MITM attacks for "deep packet inspection" [...]
> They're not a CA trusted by Mozilla, apparently.
They're not a CA. Businesses wishing to use the Cyberoam devices
need to install the Cyberoam self-issued CA-cert on each computer on
the network. Enterprises could either push the cert to everyone if
they have that kind of tool, or require that workers "voluntarily"
install it themselves (because otherwise you aren't able to reach
If we implement cert pinning we'll either have to allow that kind of
business to disable it, or write off our users who work for
companies with that kind of control freakery. It's more common than
you'd think; some of our own Mozilla community members work for
companies with that kind of policy.
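The conflict Daniel describes can be shown in a few dozen lines. The following Go program is an added example, not code from the post or from Cyberoam or Mozilla: it builds two CAs in memory (a stand-in for a publicly trusted root and a stand-in for a self-issued appliance CA that has been pushed to every workstation), issues a certificate for the same hostname from each, and runs both ordinary path validation and SPKI pinning against them. The CA names, the hostname `www.example.com`, and the helper names are constructed for the demonstration; only the standard library is used.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

var serial int64 // constructed serial counter; real CAs use random serials

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// mustCert signs tmpl with parent (self-signed when parent is nil) and parses the result.
func mustCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	serial++
	tmpl.SerialNumber = big.NewInt(serial)
	tmpl.NotBefore = time.Now().Add(-time.Hour)
	tmpl.NotAfter = time.Now().Add(24 * time.Hour)
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// newCA returns a self-signed CA certificate and its private key.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := newKey()
	tmpl := &x509.Certificate{
		Subject:               pkix.Name{CommonName: name},
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	return mustCert(tmpl, nil, &key.PublicKey, key), key
}

// issueLeaf issues a server certificate for host with a fresh key, signed by ca.
func issueLeaf(host string, ca *x509.Certificate, caKey *ecdsa.PrivateKey) *x509.Certificate {
	key := newKey()
	tmpl := &x509.Certificate{
		Subject:     pkix.Name{CommonName: host},
		DNSNames:    []string{host},
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return mustCert(tmpl, ca, &key.PublicKey, caKey)
}

// spkiPin is the HPKP-style pin: base64(SHA-256(SubjectPublicKeyInfo)).
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// chainOK is ordinary path validation: does leaf chain to a trusted root for host?
func chainOK(leaf *x509.Certificate, roots *x509.CertPool, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

// Outcome records the checks: path validation with and without the appliance CA
// in the trust store, and SPKI pinning to the genuine server key.
type Outcome struct {
	GenuineChainOK, InterceptChainOK, InterceptChainOKWithoutCA bool
	GenuinePinOK, InterceptPinOK                                 bool
}

func Scenario(host string) Outcome {
	genuineCA, genuineKey := newCA("Genuine Root")           // stand-in for a public CA
	interceptCA, interceptKey := newCA("Interception Root")  // stand-in for the appliance CA
	genuineLeaf := issueLeaf(host, genuineCA, genuineKey)
	interceptLeaf := issueLeaf(host, interceptCA, interceptKey) // same name, different key

	publicOnly := x509.NewCertPool() // a machine outside the enterprise
	publicOnly.AddCert(genuineCA)
	enterprise := x509.NewCertPool() // a workstation with the appliance CA pushed out
	enterprise.AddCert(genuineCA)
	enterprise.AddCert(interceptCA)

	pins := map[string]bool{spkiPin(genuineLeaf): true} // client pinned to the real key
	return Outcome{
		GenuineChainOK:            chainOK(genuineLeaf, enterprise, host),
		InterceptChainOK:          chainOK(interceptLeaf, enterprise, host),
		InterceptChainOKWithoutCA: chainOK(interceptLeaf, publicOnly, host),
		GenuinePinOK:              pins[spkiPin(genuineLeaf)],
		InterceptPinOK:            pins[spkiPin(interceptLeaf)],
	}
}

func main() {
	fmt.Printf("%+v\n", Scenario("www.example.com"))
}
```

Once the appliance CA is in the store, both certificates pass path validation, which is exactly why the deployment model in the post works; outside the enterprise the intercepted certificate fails. Pinning to the server's SPKI accepts only the genuine key, so a pinned client behind such a device would fail to connect unless pinning is disabled for locally installed roots, which is the policy question raised above.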