nanog mailing list archives
Re: Verisign CRL single point of failure
From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Fri, 9 Jan 2004 13:20:18 +0000 (GMT)
The consolidation of network power in a single company creates its own threat to the critical infrastructure when a single certificate expires instead of being randomly distributed among several different organizations.
I'm not sure what's involved in getting your own root certs added to browser/OS distributions, but there's nothing afaik that says Verisign is the sole company providing this; presumably anyone else can agree with MS/whoever to have their root certs added..?

On the idea of gapping to RFC1918 space, this is imho not a good solution: either they need to upgrade their platform to take the load, e.g. multicast, or if they do want to blackhole traffic, do it to their own IP space [worst case, do it to an IP block that they don't route].

Steve