On 2011-08-30 10:02, Peter Gutmann wrote: > http://www.diginotar.com/Portals/0/Skins/DigiNotar_V7_COM/image/home/headerimage/image01.png > > The guy in the background must have removed his turban/taqiyah for the photo.
There is one useful data point that came from the DigiNotar mess-up: we now know, thanks to Mozilla, Debian, and the SSL Observatory what the lower bound is for a failed CA to be considered too big to fail. You must have issued some (unknown) number in excess of 701 SSL certs to not see your root pulled from certificate-consuming software when you mess up. --- @nocombat writes: SSL Observatory: select count(Subject) from valid_certs where Issuer like '%diginotar%' → 701 --- So far, we only knew what the upper bound is to be considered too big to fail, which was the number of certs issued by Comodo and Symantec (VeriSign). --Lucky Green _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
