Re: CCA Mauritius Root Certificate

From: Loganaden Velvindron <logan_at_hackers.mu>
Date: Fri, 18 Dec 2015 22:11:57 -0500

Hi SM,

Sorry for my late reply on this issue.

The way a CA works is basically a chain of trust. In this particular case,
by asking users to put the certificate manually in their web browsers, they
are implicitly asking Internet users to bypass validation of the chain of
trust, thereby reducing the security.

Furthermore, in terms of building products in Mauritius around this
system, this would prove somewhat of a hassle. Unlike a normal SSL/TLS
validation where the code would be more or less standard, we are talking
about putting exceptions into the firmware of devices, servers, and
possibly others. In my humble opinion, this constitutes an attack vector,
where an attacker could possibly look into using that certificate as a way
to bypass TLS/SSL normal validation due to sloppy implementations that
would crop up over time. This might be the case for TLS/SSL services that
might be running on those devices.

Received on Sat Dec 19 2015 - 03:12:19 PST
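
The "sloppy implementation" risk raised in the message above can be checked for in client code. The following is an added example, not part of the original post: it contrasts two shortcut TLS client configurations with one that keeps standard validation and only adds an extra trust anchor, and audits each. The function names and the `extra_root_pem` path parameter are hypothetical.

```python
import ssl


def sloppy_context():
    """Shortcut: make the handshake succeed for the untrusted root by
    switching validation off for every certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # chain of trust is no longer checked
    return ctx


def half_fixed_context():
    """Chain is validated, but any certificate under a trusted root is
    accepted for any host name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED by default
    ctx.check_hostname = False
    return ctx


def scoped_context(extra_root_pem=None):
    """Standard validation, plus one additional trust anchor.
    extra_root_pem: hypothetical path to the extra root in PEM form."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname checking
    if extra_root_pem is not None:
        ctx.load_verify_locations(cafile=extra_root_pem)
    return ctx


def audit(ctx):
    """Return a list of findings for a client-side SSLContext."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain validation disabled")
    if not ctx.check_hostname:
        findings.append("hostname check disabled")
    return findings


if __name__ == "__main__":
    for name, build in [("sloppy", sloppy_context),
                        ("half-fixed", half_fixed_context),
                        ("scoped", scoped_context)]:
        print(name, audit(build()) or "ok")
```
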
