[cabfpub] China MITMing icloud.com
Dean Coclin
Dean_Coclin at symantec.com
Tue Oct 21 11:55:05 MST 2014
Rich brings up a good point, but we have to rely on our bylaws for the
operation of the forum, including member conduct.
I took a quick scan of the bylaws and unfortunately I didn't see anything
about member conduct or any action that could be taken related to the
allegation below (feel free to correct me if I missed it). There is
something minor about complying with industry regulations, but does the
alleged behavior violate any regulation?
So although it's fine to have a discussion about it, any action would need
to be in accordance with our bylaws. Hence this may be an opportunity to
propose changes therein.
Dean
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Rich Smith
Sent: Tuesday, October 21, 2014 10:41 AM
To: public at cabforum.org
Subject: [cabfpub] China MITMing icloud.com
https://en.greatfire.org/blog/2014/oct/china-collecting-apple-icloud-data-at
tack-coincides-launch-new-iphone
The above article states that within China's great firewall, www.icloud.com
is connecting with a self signed certificate. The article also states that
the Qihoo 360 Browser passes the user right through with no warning or other
indication that the connection is unsafe.
I have no way to independently verify that accusation, BUT given that we
just approved the 360 Browser's CA/B membership application, I think this
needs to be investigated.
If the accusation is found to be accurate, barring a VERY good explanation
from the 360 Browser team, I would move for their immediate expulsion from
this Forum.
--
Regards,
Rich Smith
Validation Manager
Comodo
http://www.comodo.com <http://www.comodo.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20141021/1f248d8b/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6130 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20141021/1f248d8b/attachment.bin
More information about the Public
mailing list