Reply to post: About that root certificate...

Superfish: Lenovo ditches adware, but that doesn't fix SSL megavuln – researcher

Jamie Jones Silver badge

About that root certificate...

This whole thing is disgusting, so please don't think I'm sticking up for Lenovo here, but (not having the equipment to test) I'm puzzled about the issues involving their local root certificate.

Surely it is only accepted by the local browsers when they talk to the superfish program, and NOT the Superfish program as it talks to the outside world, therefore making concerns over thr cerificate key strength/password etc. moot?

Extending on this, interestingly it would become a problem only when the software is removed if the client-installed root certificate is left behind!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019