[NickHaflinger]

With this root cert anyone could decode SSL traffic between you and a supposed secure web server. These kind of accidental security blunders seem to be a regular occurrence. Are people that incompetent or is there a more sinister reason.

[simonh]

Is that true? I may be off base with this, but as I understand it if the encrypted traffic you're trying to crack was encrypted using a certificate chain not descended from this root certificate I wouldn't have thought having this root CA would help.

As I understand it the vulnerability is that anyone who can obtain this root CA from a Dell machine can sign their encrypted traffic to appear to be trusted and secure, even if it's not, to other Dell machines with the same root CA. You can pretend to be someone you're not to those other Dell machines, but it doesn't give you a backdoor into chains of trust that don't descend from the same root CA.

I suppose this might allow you to do a MITM attack, but not decode traffic you've passively snooped. Otherwise this root CA would have just totally compromised all internet security.

[startling]

If there were a more sinister reason, why wouldn't they only share the private key with their accomplices?