Security Advisories

Trustwave Press Releases

« Death to PDF! | Main | [Honeypot Alert] Status Report for January 2012 »

04 February 2012


Hi. Since you acknowledged your error in issuing a certificate to a not-trustworthy company would you be so kind to name the firm and every certificate you granted, so i am able to remove these certificates from my certificate lists? Best regards

The original sale of this cert was irresponsible, but it sounds like you've fixed the issue and it's nice to see you voluntarily coming clean about the mistake. That said, you should give your "peers" a chance to fix their mistakes as well and then out them if they don't... it's the right thing to do.

Thank you for the clarification and corrections; the original statement made the situation sound worse than it evidently is (referring to 'roots' and 'organizations' in the plural, for example). I am curious, though, about one point in this explanation. You say that you've revoked the certificate and the service is 'effectively' over; is the actual proxy now shut down?

I'm also very curious about the statement that this is a 'common practice' of 'many of [y]our peers', but I'm sure you will not be able to comment on that. . .

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Your Information

(Name is required. Email address will not be displayed with the comment.)