The discussion about what is and isn't in scope and whether we should try to fix DNS theft/transfer as a single example reminded me of this slide deck from Peter Gutmann: http://www.cs.auckland.ac.nz/~pgut001/pubs/pki_risk.pdf that talks about shades of grey when assessing riskiness of a site. If a certificate was used consistently from a certain CA for 3 years and hosted in California, then switches to a Russian CA and host - even if it's CA-signed, that's suspicious.
-tom _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
