Re: Has any public CA ever had their certificate revoked?

2009-05-08 Thread R. Hirschfeld
Date: Tue, 5 May 2009 10:17:00 -0700 From: Paul Hoffman paul.hoff...@vpnc.org the CA fixed the problem and researched all related problems that it could find. From what I've read of the incident (I think it's the one referred to), Comodo revoked the bogus mozilla.com cert and got their

Re: Has any public CA ever had their certificate revoked?

2009-05-08 Thread Paul Hoffman
At 6:02 PM +0200 5/8/09, R. Hirschfeld wrote: Date: Tue, 5 May 2009 10:17:00 -0700 From: Paul Hoffman paul.hoff...@vpnc.org the CA fixed the problem and researched all related problems that it could find. From what I've read of the incident (I think it's the one referred to), Comodo

Re: Has any public CA ever had their certificate revoked?

2009-05-07 Thread Bill Frantz
pgut...@cs.auckland.ac.nz (Peter Gutmann) on Thursday, May 7, 2009 wrote: Paul Hoffman paul.hoff...@vpnc.org writes: Peter, you really need more detents on the knob for your hyperbole setting. nothing happened is flat-out wrong: the CA fixed the problem and researched all related problems that

Re: Has any public CA ever had their certificate revoked?

2009-05-07 Thread Peter Gutmann
Bill Frantz fra...@pwpconsult.com writes: So my reaction is to say that it's all a big stinking pile and try to develop systems and procedures that don't rely on CAs. (e.g. curl with a copy of the server's self-signed certificate, the Petname toolbar, etc.) The problem with this is that recent

Re: Has any public CA ever had their certificate revoked?

2009-05-07 Thread Bill Frantz
pgut...@cs.auckland.ac.nz (Peter Gutmann) on Thursday, May 7, 2009 wrote: If SSL/TLS had as part of its handshake, a list of CAs that are acceptable to the client, I could configure my browser with only high-reputation CAs. Uhh, how is that meant to work? The client hello message would include

Re: Has any public CA ever had their certificate revoked?

2009-05-06 Thread Peter Gutmann
Paul Hoffman paul.hoff...@vpnc.org writes: Peter, you really need more detents on the knob for your hyperbole setting. nothing happened is flat-out wrong: the CA fixed the problem and researched all related problems that it could find. Perhaps you meant the CA was not punished: that would be

Re: Has any public CA ever had their certificate revoked?

2009-05-06 Thread Paul Hoffman
At 1:02 AM +1200 5/7/09, Peter Gutmann wrote: Paul Hoffman paul.hoff...@vpnc.org writes: Peter, you really need more detents on the knob for your hyperbole setting. nothing happened is flat-out wrong: the CA fixed the problem and researched all related problems that it could find. Perhaps you

Re: Has any public CA ever had their certificate revoked?

2009-05-05 Thread Thierry Moreau
d...@geer.org wrote: No, [...] Now that the main question is answered, there are sub-questions to be asked: 1. Has any public CA ever encountered a situation where a revocation would have been necessary? 1.1 Has any public CA ever had a disgruntled employee with too many privileges not

Re: Has any public CA ever had their certificate revoked?

2009-05-05 Thread Peter Gutmann
Thierry Moreau thierry.mor...@connotech.com writes: Now that the main question is answered, there are sub-questions to be asked: 1. Has any public CA ever encountered a situation where a revocation would have been necessary? Yes, several times, see e.g. the recent mozilla.org fiasco, as a

Re: Has any public CA ever had their certificate revoked?

2009-05-05 Thread Paul Hoffman
At 4:11 PM +1200 5/5/09, Peter Gutmann wrote: Thierry Moreau thierry.mor...@connotech.com writes: Now that the main question is answered, there are sub-questions to be asked: 1. Has any public CA ever encountered a situation where a revocation would have been necessary? Yes, several times, see

Re: Has any public CA ever had their certificate revoked?

2009-05-05 Thread Thierry Moreau
Paul Hoffman wrote: At 4:11 PM +1200 5/5/09, Peter Gutmann wrote: Thierry Moreau thierry.mor...@connotech.com writes: Now that the main question is answered, there are sub-questions to be asked: 1. Has any public CA ever encountered a situation where a revocation would have been

Re: Has any public CA ever had their certificate revoked?

2009-05-05 Thread Anne Lynn Wheeler
On 05/05/09 14:01, Thierry Moreau wrote: Before the collapse of the .com market in year 2000, there were grandiose views of global PKIs, even with support by digital signature laws. Actually, it turned out that CA liability avoidance was the golden rule at the law and business model abstraction

Re: Has any public CA ever had their certificate revoked?

2009-05-05 Thread Jerry Leichter
On May 5, 2009, at 1:17 PM, Paul Hoffman wrote: ...This leads to the question: if a CA in a trust anchor pile does something wrong (terribly wrong, in this case) and fixes it, should they be punished? If you say yes, you should be ready to answer who will benefit from the punishment and in

Re: Has any public CA ever had their certificate revoked?

2009-05-05 Thread Paul Hoffman
At 6:44 PM -0400 5/5/09, Jerry Leichter wrote: On May 5, 2009, at 1:17 PM, Paul Hoffman wrote: ...This leads to the question: if a CA in a trust anchor pile does something wrong (terribly wrong, in this case) and fixes it, should they be punished? If you say yes, you should be ready to answer

Re: Has any public CA ever had their certificate revoked?

2009-05-04 Thread dan
No, but a few years ago I looked at all the certs in IE and Netscape and found that about 30% of them were from companies that were at that time no longer in existence. The expiries on those where-are-they-now certs were often as not three decades into the future. N.B., if you are willing to