[cabfpub] China MITMing icloud.com

Richard Wang richard at wosign.com
Wed Oct 22 05:23:41 UTC 2014

I read this article.
I think it is unfair that if some attack happened, then someone will say it is by China authorities.
The related MIIT attack is reported by Xinhua Agency also.



On Oct 21, 2014, at 22:40, Rich Smith <richard.smith at comodo.com<mailto:richard.smith at comodo.com>> wrote:


The above article states that within China's great firewall, www.icloud.com<http://www.icloud.com> is connecting with a self signed certificate.  The article also states that the Qihoo 360 Browser passes the user right through with no warning or other indication that the connection is unsafe.

I have no way to independently verify that accusation, BUT given that we just approved the 360 Browser's CA/B membership application, I think this needs to be investigated.

If the accusation is found to be accurate, barring a VERY good explanation from the 360 Browser team, I would move for their immediate expulsion from this Forum.

Rich Smith
Validation Manager

Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141022/f4ef493b/attachment-0003.html>

More information about the Public mailing list