Security News > 2022 > December > Mozilla, Microsoft drop TrustCor as root certificate authority

Mozilla, Microsoft drop TrustCor as root certificate authority
2022-12-02 09:30

After a lengthy discussion between staff at Mozilla and Apple, security researchers and the CA itself, Mozilla program manager Kathleen Wilson said the org's concerns were "Substantiated" enough to set a distrust date of November 30 for TrustCor's root certificates.

Microsoft didn't participate in the conversation; instead, TrustCor executive Rachel McPherson claimed that Microsoft had set a distrust date of November 1 for her company's certs.

As of writing, TrustCor's certificates still show up in Apple's list of trusted root certificates, and it's unclear if the iMaker plans to take action of its own.

He added: "Were Trustcor simply an email service that misrepresented their claims of E2E encryption and had some connections to lawful intercept defense contractors, I would not raise a concern in this venue. But because it is a root certificate authority on billions of devices - including mine - I feel it is reasonable to have an explanation," Reardon said on the public discussion board.

TrustCor's McPherson attempted to answer questions posed by Mozilla and others in the thread, but despite its insistence that Reardon's info was out of date, and that Trustcor and Packet Forensics had no ongoing business relationship, the authorities weren't convinced.

"Our assessment is that the concerns about TrustCor have been substantiated and the risks of TrustCor's continued membership in Mozilla's Root Program outweighs the benefits to end users," Mozilla's Wilson said.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/12/02/mozilla_microsoft_trustcor/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 701 775 4527 4650 3617 13569
Mozilla 37 100 1353 529 426 2408