nanog mailing list archives
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
From: Lou Katz <lou () metron com>
Date: Wed, 14 Sep 2011 10:02:48 -0700
The problem that I see with browser response to self-signed (or org generated) certs is not the warning(s) but the assertion that the cert is invalid. Not issued by one of the players in the Protection Racket does not make the cert invalid. It may be untrustable, unreliable, from an unknown and/or unverifiable source, but it IS a valid cert. Certs in a revocation list or malformed certs are invalid. After all, the Diginotar certs were 'valid', until revoked. Apparently the (arbitrary) inclusion or exclusion of a root cert by each browser creator or distributer is equated with validity. By removing the Diginotar root cert, suddenly ALL Diginotar certs are now reported to end users as Invalid? By refusing to include a CACert root certificate, no CACert certificate is 'valid'? I think not. -- -=[L]=- Hand typed on my Remington portable
Current thread:
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases, (continued)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Tony Finch (Sep 12)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases fredrik danerklint (Sep 12)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Tei (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Chris Adams (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Brett Frankenberger (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Chris Adams (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Peter Kristolaitis (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases David Israel (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Valdis . Kletnieks (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Chris Adams (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Lou Katz (Sep 14)
- Opta revokes Diginotar TTP license (Was: Microsoft deems all DigiNotar certificates untrustworthy, releases) Jeroen Massar (Sep 14)
- Re: Opta revokes Diginotar TTP license (Was: Microsoft deems all DigiNotar certificates untrustworthy, releases) Always Learning (Sep 14)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Michiel Klaver (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Christopher Morrow (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Jima (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Christopher Morrow (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Christopher Morrow (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Ted Cooper (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Christopher Morrow (Sep 14)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Joe Greco (Sep 12)