Microsoft deems all DigiNotar certificates untrustworthy, releases updates
- Subject: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
- From: morrowc.lists at gmail.com (Christopher Morrow)
- Date: Sun, 11 Sep 2011 21:57:59 -0400
- In-reply-to: <CABSP1Ofnjj27TsA=U4zs7-tpU67pbysSVFygD=WYtJwyTXzDWw@mail.gmail.com>
- References: <[email protected]> <[email protected]> <CAAAwwbUqiRnJws_hi=5at4uN-cn+qq7PqsYSeWO_OizQkrVyrA@mail.gmail.com> <CABSP1Ofnjj27TsA=U4zs7-tpU67pbysSVFygD=WYtJwyTXzDWw@mail.gmail.com>
somewhat rhetorically...
On Sun, Sep 11, 2011 at 2:30 AM, Damian Menscher <damian at google.com> wrote:
> Because of that lost trust, any cross-signed cert would likely be revoked by
> the browsers. It would also make the browser vendors question whether the
> signing CA is worthy of their trust.
given a list of ca's and certs to invalidate ... how large a list
would be practical in a browser? (baked in I mean)
(not very, relative to the size of the domain system today)
Is this scalable?
(no)
Is this the only answer we have left?
(no)
-chris
(I'm not sure what better answers there are to the situation we are in
today, I do like the work in DANE-WG though... it'll be a while before
it's practical to use though, I fear)