nanog mailing list archives
Re: Chinese root CA issues rogue/fake certificates
From: Eric Kuhnke <eric.kuhnke () gmail com>
Date: Wed, 7 Sep 2016 16:15:47 -0700
Further update on all known suspicious activity from Wosign: https://wiki.mozilla.org/CA:WoSign_Issues Seriously, what level of malice and/or incompetence does one have to rise to in order to be removed from the Mozilla (and hopefully Microsoft and Chrome) trusted root CA store? Is this not sufficient? On Thu, Sep 1, 2016 at 3:19 AM, Stephane Bortzmeyer <bortzmeyer () nic fr> wrote:
On Thu, Sep 01, 2016 at 11:36:57AM +1000, Matt Palmer <mpalmer () hezmatt org> wrote a message of 45 lines which said:I'd be surprised if most business continuity people could even name their cert provider,And they're right because it would be a useless information: without DANE, *any* CA can issue a certificate for *your* domain, whether you are a client or not.
Current thread:
- Re: Chinese root CA issues rogue/fake certificates Matt Palmer (Sep 01)
- Re: Chinese root CA issues rogue/fake certificates George William Herbert (Sep 07)
- <Possible follow-ups>
- Re: Chinese root CA issues rogue/fake certificates Matt Palmer (Sep 01)
- Re: Chinese root CA issues rogue/fake certificates Stephane Bortzmeyer (Sep 01)
- Re: Chinese root CA issues rogue/fake certificates Eric Kuhnke (Sep 07)
- Re: Chinese root CA issues rogue/fake certificates Matt Palmer (Sep 07)
- Re: Chinese root CA issues rogue/fake certificates George William Herbert (Sep 07)
- Re: Chinese root CA issues rogue/fake certificates Eric Kuhnke (Sep 07)