Package: ca-certificates Version: 20121114 Severity: important Tags: security
Hi. Not sure whether Mozilla will show any action here or not. At least I've already reported the same problem there https://bugzilla.mozilla.org/show_bug.cgi?id=826666 . As found out by Google, Turktrust has issued blindly even two SubCA certificates to normal users which then used these to create „forged” certificates. See e.g. here: http://googleonlinesecurity.blogspot.de/2013/01/enhancing-digital-certificate-security.html I think this shows that TurkTurst is not really trustworthy or competent enough to have their root certs included and thus they should be removed from Debian. Cheers, Chris. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
