[cabfpub] China MITMing icloud.com

Dean Coclin Dean_Coclin at symantec.com
Tue Oct 21 18:55:05 UTC 2014

Rich brings up a good point, but we have to rely on our bylaws for the
operation of the forum, including member conduct.


I took a quick scan of the bylaws and unfortunately I didn't see anything
about member conduct or any action that could be taken related to the
allegation below (feel free to correct me if I missed it). There is
something minor about complying with industry regulations, but does the
alleged behavior violate any regulation?


So although it's fine to have a discussion about it, any action would need
to be in accordance with our bylaws. Hence this may be an opportunity to
propose changes therein.




From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Rich Smith
Sent: Tuesday, October 21, 2014 10:41 AM
To: public at cabforum.org
Subject: [cabfpub] China MITMing icloud.com




The above article states that within China's great firewall, www.icloud.com
is connecting with a self signed certificate.  The article also states that
the Qihoo 360 Browser passes the user right through with no warning or other
indication that the connection is unsafe.


I have no way to independently verify that accusation, BUT given that we
just approved the 360 Browser's CA/B membership application, I think this
needs to be investigated.


If the accusation is found to be accurate, barring a VERY good explanation
from the 360 Browser team, I would move for their immediate expulsion from
this Forum.




Rich Smith

Validation Manager


http://www.comodo.com <http://www.comodo.com/> 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141021/1f248d8b/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6130 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141021/1f248d8b/attachment-0001.p7s>

More information about the Public mailing list