Liangent wrote:
On 8/20/10, Aryeh Gregor wrote:
They can do things like intercept any connections to the site, providing a forged certificate for HTTPS via a CA they control, and steal passwords or cookies.
See this: https://bugzilla.mozilla.org/show_bug.cgi?id=542689
The solution would be having https://bugzilla.mozilla.org/show_bug.cgi?id=501697 implemented, and then restricting country CAs to their ccTLD. Although, as expressed on their bugzilla, if the country ccTLD passes the global trust requisites, cutting them wouldn't be too fair.