Eddy Nigg <eddy_n...@startcom.org> writes:
>On 09/04/2016 09:20 AM, Peter Gutmann wrote:
>> This is great stuff, it's like watching a rerun of Diginotar
>
>.....says the audience on the backbenches gleefully....
Well, it doesn't exactly paint the best picture of a competently-run CA, same
as Diginotar, and the progression does seem remarkably similar ("nothing to
see here, move along, move along", "OK, there was a small thing, we've fixed
it now", "OK, there was a little more than that but now it's definitely
fixed", "oh, we hadn't noticed that one, it's really, really fixed for sure
now", etc).
Hey look, I don't have anything personal against WoStartSignCom, my views on
the value of the whole browser PKI racket as a means of securing web users are
pretty well known, it's just such a wonderful example of the sort of stuff
that people are relying on for their "security", and how utterly toothless the
browser vendors are in terms of dealing with issues like this: it'll be
debated endlessly on here without anything happening, and Chrome, IE/whatever,
and Safari won't even address it, assuming they're even aware of it. Just
business as usual.
Peter.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
