April 6th, 2010
Unknown root certificate found in Firefox
Link to reviewer source
I propose that the "RSA Security 1024 V3" root certificate authority be
removed from NSS.
OU = RSA Security 1024 V3
O = RSA Security Inc
Valid From: 2/22/01
Valid To: 2/22/26
I have not been able to find the current owner of this root. Both RSA
and VeriSign have stated in email that they do not own this root.
Therefore, to my knowledge this root has no current owner and no current
audit, and should be removed from NSS.
I have also filed a bug for this:
I am now opening this proposal up to public discussion. Please respond
to this discussion if you have any knowledge of this root that would
help in making this decision.
By the way, to see the complete list of all of the root certificate
authorities that are included in NSS, and who currently owns/operates
them, go to www.mozilla.org... and click on
the "List of all included root certificates" link. This will display the
public and published version of a spreadsheet that I maintain. There is
a column called "Company Website" which indicates the current owner of
This is a significant security isse [sic] since digital certificates rely on a chain of trust, and the trust anchor for digital certificates is the Root Certificate Authority (CA). Specifically, web browsers use root certificates to verify identities used for secure web connections. However, the users of web browsers have to rely on the browser publisher to make sure that these root certificates are valid. The fact that Firefox contains a root certificate where the current owner is unknown (at this time at any rate) is a little worrying.
Trust no one …
Originally posted by hoghead cheese
reply to post by Maxmars
This is something to look into, because by them saying that they don't know who owns it and Firefox isn't talking tells me that they do know and aren't allowed to tell (NSA).
In the referenced post, Kathleen has just added the following:
>I have received email from official representatives of RSA confirming
>that RSA did indeed create the "RSA Security 1024 V3" root certificate
>that is currently included in NSS (Netscape/Mozilla) and also in Apple's
>root cert store.
From Ancient Greek ἰατρός (iatros, “doctor”) + -genic.
iatrogenic (comparative more iatrogenic, superlative most iatrogenic)
1. (medicine, of a disease etc.) Induced by the words or actions of the physician.
* 2003, Michael L. Raulin, Abnormal Psychology, Pearson Education, Inc. (2003), p. 494,
Another group argues that the diagnosis is being overused and that many of the diagnosed cases are iatrogenic, or unintentionally shaped or caused by the practitioner (Lilienfeld et al., 1999; Spanos, 1994). (boldface in original)
Originally posted by Maxmars
Frankly, the whole nature of the rootkit's development concerns me.
I understand the reasons it is a valuable 'tool' but that fact also makes it a terrible vulnerability.