[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Chinese root CA issues rogue/fake certificates

Subject: Chinese root CA issues rogue/fake certificates
From: george.herbert at gmail.com (George William Herbert)
Date: Wed, 31 Aug 2016 21:33:18 -0700
In-reply-to: <[email protected]>
References: <CAB69EHjh+xLBzP+XoEUpo3fRYC_33aQWCEuDZPJc8MtxdshjQg@mail.gmail.com> <CA+E3k91eiwyykLV05fVL89Fd=USe-pzuhFRx4SFaCnuYMYskKA@mail.gmail.com> <CA+E3k923N8JRguG0yfjFg6ZkfhrUxc+CcxwD0Rh9kULgrCvr-Q@mail.gmail.com> <[email protected]>


> On Aug 31, 2016, at 6:36 PM, Matt Palmer <mpalmer at hezmatt.org> wrote:
> 
> there's just waaaay too many sites using WoSign (and StartCom) for the
> CAs' roots to just be pulled.  Sad, but true.

Not even.  Pull away.

> I'd be surprised if most business continuity people could even name their
> cert provider, and most probably don't even know how certs come to exist or
> that they *can* be made useless on a wide scale by the actions of,
> seemingly, an unrelated third party.

Not in my neck of the woods.  If you have a drought of good ones in your area my consulting company calls that an opportunity... 

Sent from my iPhone

Follow-Ups:
- Chinese root CA issues rogue/fake certificates
  - From: mpalmer at hezmatt.org (Matt Palmer)

References:
- Chinese root CA issues rogue/fake certificates
  - From: mpalmer at hezmatt.org (Matt Palmer)

Prev by Date: Chinese root CA issues rogue/fake certificates
Next by Date: IPv4 Broker
Previous by thread: Chinese root CA issues rogue/fake certificates
Next by thread: Chinese root CA issues rogue/fake certificates
Index(es):
- Date
- Thread