-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mar 31, 2012, at 7:38 PM, Marsh Ray wrote:

> Has anyone seen this CA before?
>
> Sounds like an interesting business model, even if the site design looks a
> bit anachronistic.
>
> http://print-a-cert.com/

That's hilarious! I love it!

But I see some security problems:

* The host name and organization name are not centered properly. This permits easier forgery by rogue actors and I'm sure is in violation of Baseline Requirements.

* SSL 3.0 ought to be upgraded to TLS 1.1. There's plenty of reason to go to TLS 1.1, and plenty to stick there.

* The font used for the key id does not differentiate well between 'I' (capital-eye) and 'l' (lowercase-ell). Learn the lesson of Bob Marley and don't shoot the serif.

* There is no expiration date on the certificate. You'll hate your CRLs if you do that.

Jon

-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii

wj8DBQFPd+HksTedWZOD3gYRAoRGAJ9lQAIVQo45yvLWNB9KFXs2wB+dsACcCsAM
1JY9Kvh2k5FMNBDIf/sNkFw=
=KO1+
-----END PGP SIGNATURE-----
