Hi all,
Kathleen at Mozilla has reported that she is having trouble dealing with
the Trustwave question because she doesn't know how many other CAs have
issued sub-roots that do MITMs.
Zero, one, a few or many?
I've sent a private email out to those who might have had some direct
exposure. If there are any others that might have some info, feel free
to provide evidence to kwil...@mozilla.com or to me if you want it
suitably anonymised.
If possible, the name of the CA, and the approximate circumstance. Also
how convinced you are that it was a cert issued without the knowledge of
the owner. Or any information really...
Obviously we all want to know who and how many ... but right now is not
the time to repeat demands for full disclosure. Right now, vendors need
to decide whether they are dropping CAs or not.
iang
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography