d...@geer.org writes: >I'm hoping this is just a single instance but it makes you remember that the >browser pre-trusted certificate authorities really needs to be cleaned up.
Given the more or less complete failure of commercial PKI for both SSL web browsing and code-signing (as evidenced by the multibillion-dollar cybercrime industry freely doing all the things that SSL certs and code-signing were supposed to prevent them from doing), it's not so much "cleaned up" as "replaced with something that may actually work". Adding support for a service like Perspectives (discussed here a month or two back) would be a good start since it provides some of the assurance that a commercial PKI can't (and as an additional benefit it also works for SSH servers, since it's not built around certificates). So, when will Google add Perspectives support to their search database? :-). Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com