On Sun, Apr 5, 2015 at 6:25 PM, ITechGeek <[email protected]> wrote: > So does this mean Iran & the like can stop hacking CAs and buy their own > Geotrust cert to MITM their population? > Yeah, its been around for a while. What's surprising is (or maybe not) is the CA is still not constraining the organizations even though a technical control is available to do so.
Do away with the independent third party that assesses the signing request, don't bother with the security controls to limit impact of a bad actor, and then allow the organization to operate on best behavior. Sigh... _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
