Liangent wrote:
On 8/20/10, Aryeh Gregor wrote:
They can do things like intercept any connections
to the site,
providing a forged certificate for HTTPS via a CA they control, and
steal passwords or cookies.
See this:
https://bugzilla.mozilla.org/show_bug.cgi?id=542689
The solution would be having
https://bugzilla.mozilla.org/show_bug.cgi?id=501697 implemented, and
then restricting country CAs
to their ccTLD.
Although, as expressed on their bugzilla, if the country ccTLD passes
the global trust requisites, cutting them wouldn't be too fair.