[SSL Observatory] New bad Google MITM cert
Daniel Veditz
dveditz at mozilla.com
Wed Dec 11 07:39:50 PST 2013
On 12/11/2013 6:13 AM, Ralf Skyper Kaiser wrote:
> (Why did mozilla (https://bugzilla.mozilla.org/show_bug.cgi?id=946351)
> remove the information
> about the device vendor from the bugtracker? I'm just curious and
> forwarding questions I got from reporters).
I removed the comments (and Brian the attachments) at Google's request:
https://bugzilla.mozilla.org/show_bug.cgi?id=946351#c69
and comments 73, 74
They didn't say why. My personal guess is that either they felt it
distracts from a discussion about the CAs actions and mismanagement, or
would unfairly tarnish one particular vendor who was not responsible for
the incident and whose device was simply operating as advertised. It
doesn't matter which vendor DG Tresor bought the device from, the
results would have been the same.
We appreciate Google sharing this information with us and the other
browser vendors as quickly and completely as they did and want them to
feel comfortable doing the same in the future.
-Dan Veditz
More information about the Observatory
mailing list