nanog mailing list archives

Re: The state-level attack on the SSL CA security model


From: Owen DeLong <owen () delong com>
Date: Fri, 25 Mar 2011 12:46:38 -0700


On Mar 24, 2011, at 2:44 PM, George Herbert wrote:

On Thu, Mar 24, 2011 at 2:39 PM, Franck Martin <franck () genius com> wrote:


----- Original Message -----
From: "Roland Dobbins" <rdobbins () arbor net>
To: "nanog group" <nanog () nanog org>
Sent: Friday, 25 March, 2011 9:33:27 AM
Subject: Re: The state-level attack on the SSL CA security model
On Mar 24, 2011, at 6:41 PM, Florian Weimer wrote:

 Disclosure devalues information.


I think this case is different, given the perception of the cert as a
'thing' to be bartered.


Isn't there any law that obliges companies to disclose security breaches that involve consumer data?

I don't think SSL certs are consumer data, per se.

No, but a weak SSL cert in use by your company could disclose
consumer data due to its weakness.


Owen


