Mainframe and servers both self hosted and cloud. And here I was complaining that NIST had it's own CA roots and intermediates to import. Thank you for being paranoid.
Seems like everyone should be looking at PKI Services again instead of purchasing certs. Rob Schramm On Sun, Sep 9, 2018, 4:35 PM Seymour J Metz <[email protected]> wrote: > I'm more concerned with how long it took them to finally pull ther plug. > > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > > ________________________________________ > From: IBM Mainframe Discussion List <[email protected]> on behalf > of Rob Schramm <[email protected]> > Sent: Sunday, September 9, 2018 3:30 PM > To: [email protected] > Subject: Re: The story of why Chrome and Firefox will soon block sites > with certain SSL certificates > > Actually.. I am more concerned with Verisign being part of this. > > "In the near future, Google Chrome and Mozilla Firefox will begin > distrusting SSL certificates from Symantec, GeoTrust, Thawte, VeriSign, > Equifax, and RapidSSL." > > There are a lot of shops that trust VeriSign for server certs that are > being trusted for mainframe related transactions. If the certs are issued > improperly, it brings up a man in the middle attack that most would not be > looking for because they "trust" VeriSign!. I am sure that there are other > attacks that may be possible. > > This is quite disturbing. > > Personally, I would never trust Equifax.. they have proved themselves > untrustworthy with the multiple security debacles this past year or so. > But I had come to trust the others. Guess I should take a line from > Dragnet "Just the facts ma'am" > > Rob Schramm > > > > On Sun, Sep 9, 2018 at 11:45 AM scott Ford <[email protected]> wrote: > > > Exactly > > > > On Sun, Sep 9, 2018 at 11:13 AM Paul Gilmartin < > > [email protected]> wrote: > > > > > On Sun, 9 Sep 2018 10:39:59 -0400, Rob Schramm wrote: > > > > > > >Seems relevant .. the whole purpose in using a CA is trust. > > > > > > > > > > > > > > https://secure-web.cisco.com/14Hv4j29J0-tyjiALgwdw8v1lxcXRUTK89Jz9mc7_o0v3JPKIPF8jo8mkNR4NVAJu551fyjdhIGzVUcVIJ4DDqn6_RSAh2DVtCiTjrv0fYQ4UG2Q3lpUZCINQdzm_JuWXH_vfrXh0YBRdsU15iOJJMSztdU69MeFRbTgNlu6YagWIn66Jg6hjVAS0la9n8yPiJkr97Oj1piT2LmWsG6PkaDZCCZYSpCsSxi8ptg6JeHTohB0PRf6tNtr2v3OY4-9MOLie6aY0ybXvuvE7cwtT3Ix73mwKDHVYo7LF_c9mJrXsHqNbBEs4eYxrkJFS35kucmpB5j1naedEY_BXKyc6PKgcURnCvPt9t4tnIsRwSN0hg2RbgltMw0aSp8gWZmVs/https%3A%2F%2Fwww.templarbit.com%2Fblog%2F2018%2F09%2F07%2Fthe-story-of-why-chrome-and-firefox-will-soon-block-sites-with-certain-ssl-certificates%2F > > > > > > > The accused is Symantec and its subsidiaries. > > > > > > What's the current reputation of Symantec Antivirus? > > > > > > -- gil > > > > > > ---------------------------------------------------------------------- > > > For IBM-MAIN subscribe / signoff / archive access instructions, > > > send email to [email protected] with the message: INFO IBM-MAIN > > > > > -- > > Scott Ford > > IDMWORKS > > z/OS Development > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > > -- > > Rob Schramm > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- Rob Schramm ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
