nanog mailing list archives
Re: Chinese root CA issues rogue/fake certificates
From: Matt Palmer <mpalmer () hezmatt org>
Date: Thu, 1 Sep 2016 20:10:17 +1000
On Wed, Aug 31, 2016 at 09:33:18PM -0700, George William Herbert wrote:
On Aug 31, 2016, at 6:36 PM, Matt Palmer <mpalmer () hezmatt org> wrote: there's just waaaay too many sites using WoSign (and StartCom) for the CAs' roots to just be pulled. Sad, but true.Not even. Pull away.
Not going to happen. Feel free to argue otherwise in the appropriate venues, but you're tilting at windmills, IMO.
I'd be surprised if most business continuity people could even name their cert provider, and most probably don't even know how certs come to exist or that they *can* be made useless on a wide scale by the actions of, seemingly, an unrelated third party.Not in my neck of the woods. If you have a drought of good ones in your area my consulting company calls that an opportunity...
How the hell do you get from "the world does not work that way" to "please pitch me your consulting services"? - Matt
Current thread:
- Re: Chinese root CA issues rogue/fake certificates Matt Palmer (Sep 01)
- Re: Chinese root CA issues rogue/fake certificates George William Herbert (Sep 07)
- <Possible follow-ups>
- Re: Chinese root CA issues rogue/fake certificates Matt Palmer (Sep 01)
- Re: Chinese root CA issues rogue/fake certificates Stephane Bortzmeyer (Sep 01)
- Re: Chinese root CA issues rogue/fake certificates Eric Kuhnke (Sep 07)
- Re: Chinese root CA issues rogue/fake certificates Matt Palmer (Sep 07)
- Re: Chinese root CA issues rogue/fake certificates George William Herbert (Sep 07)
- Re: Chinese root CA issues rogue/fake certificates Eric Kuhnke (Sep 07)