On Wed, 12 Sep 2007 19:00:45 -0000, Paul Ferguson said: > It's stuff like this that sometimes makes you just throw your > hands in the air. > > http://sunbeltblog.blogspot.com/2007/09/for-shame-thawte-trusts-gromozon.html
Unfortunately, that's Working As Designed. Authentication vs Authorization. Thawte has certified that malware really *is* from Gromozon, and not from some even sleazier entity pretending to be Gromozon. That's all they *claim* to do with their certificates. Whether you should trust the signed contents, knowing they *are* from Gromozon, is way out of scope for a certificate.
pgpetQxKr2MTV.pgp
Description: PGP signature
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
