On Mon, Dec 9, 2013 at 2:17 PM, Jan Schejbal <[email protected]> wrote:

> I would really love to see the explanation how someone accidentally
> issues and deploys a MitM Sub-CA...

I think it will turn out to be essentially the same reason that Microsoft got burned with the Flame attack. Just because an organization has PKI expertise does not mean that it is evenly shared in the organization or that everyone understands what the constraints are. The organization does not have managing crypto as its primary goal, so the processes that manage the CA do not include awareness of current crypto affairs as a requirement.

I have similar concerns about DANE. The expectations that are placed on the registries and registrars are quite interesting.

-- 
Website: http://hallambaker.com/

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

