Eddy Nigg <eddy_n...@startcom.org> writes:

>On 09/04/2016 09:20 AM, Peter Gutmann wrote:
>> This is great stuff, it's like watching a rerun of Diginotar
>
>.....says the audience on the backbenches gleefully....

Well, it doesn't exactly paint the best picture of a competently-run CA, same as Diginotar, and the progression does seem remarkably similar ("nothing to see here, move along, move along", "OK, there was a small thing, we've fixed it now", "OK, there was a little more than that but now it's definitely fixed", "oh, we hadn't noticed that one, it's really, really fixed for sure now", etc).

Hey look, I don't have anything personal against WoStartSignCom, my views on the value of the whole browser PKI racket as a means of securing web users are pretty well known, it's just such a wonderful example of the sort of stuff that people are relying on for their "security", and how utterly toothless the browser vendors are in terms of dealing with issues like this: it'll be debated endlessly on here without anything happening, and Chrome, IE/whatever, and Safari won't even address it, assuming they're even aware of it. Just business as usual.

Peter.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy