On Thu, Sep 8, 2011 at 1:30 AM, Ralph Holz <h...@net.in.tum.de> wrote: > Hi, > > I (still) cannot believe how Symantec reacts to the DigiNotar breaches - > basically ignoring the known shortcomings: > > http://www.symantec.com/connect/blogs/why-your-certificate-authority-matters
To be contrarian for a moment.... In the "old days" ( a few months ago) the only really difference for a customer between most CAs was how widely their trust was distributed. What platforms (Windows, which mobile phones, etc). Their customers didn't have to care about quality, and really didn't have to care about the CA going away, except if the CA went bankrupt or something... Today, maybe that has changed ever so slightly? If a customer now fears that their/A CA will actually get de-listed from the popular platforms, thus causing them an outage, maybe customers start demanding CAs that are less likely to get de-listed? Maybe ones that can demonstrate better security controls, or somesuch? This isn't to say it justifies or supports the marketing campaign, but perhaps there is a real message hidden in there after all? - Andy _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography