nanog mailing list archives

Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates


From: Christopher Morrow <morrowc.lists () gmail com>
Date: Sun, 11 Sep 2011 21:57:59 -0400

somewhat rhetorically...

On Sun, Sep 11, 2011 at 2:30 AM, Damian Menscher <damian () google com> wrote:

Because of that lost trust, any cross-signed cert would likely be revoked by
the browsers.  It would also make the browser vendors question whether the
signing CA is worthy of their trust.

Given a list of CAs and certs to invalidate ... how large a list
would be practical in a browser? (baked in, I mean)
  (not very, relative to the size of the domain system today)
Is this scalable?
  (no)
Is this the only answer we have left?
  (no)

-chris
(I'm not sure what better answers there are to the situation we are in
today, I do like the work in DANE-WG though... it'll be a while before
it's practical to use though, I fear)
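The scaling question above (how large a baked-in distrust list can be, and whether a cross-signed copy of a bad CA escapes it) comes down to what the list is keyed on. As an added illustration that is not part of this thread, the following Python sketch keys a distrust list on the SHA-256 of each certificate's SubjectPublicKeyInfo: a cross-signed certificate carries the same key under a different issuer and serial, so it is caught by the same entry, and each chain costs one set lookup per certificate regardless of list length. The `Cert` class, the key bytes and the chains are constructed stand-ins, not real certificates or real browser data structures.

```python
import hashlib
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for an X.509 certificate: only the fields the check needs."""
    subject: str
    issuer: str
    spki: bytes  # DER-encoded SubjectPublicKeyInfo; constructed bytes in the samples below


def spki_sha256(spki: bytes) -> str:
    """Fingerprint a public key: SHA-256 over the SPKI, as pinning and distrust lists commonly do."""
    return hashlib.sha256(spki).hexdigest()


def first_distrusted(chain: Iterable[Cert], distrusted: Set[str]) -> Optional[Cert]:
    """Return the first certificate in the chain whose public key is on the distrust list, else None.

    Keying the list on the public key rather than on the certificate serial or subject means a
    cross-signed copy of the same key (different issuer, different serial) is caught too,
    and the lookup stays a set membership test no matter how long the list grows.
    """
    for cert in chain:
        if spki_sha256(cert.spki) in distrusted:
            return cert
    return None


# --- constructed sample data (not real keys or certificates) ---
KEY_DISTRUSTED_ROOT = b"constructed-spki-bytes-for-distrusted-root"
KEY_OTHER_ROOT = b"constructed-spki-bytes-for-other-root"
KEY_LEAF = b"constructed-spki-bytes-for-leaf"

# The distrust list a client would ship: one entry per compromised key.
DISTRUSTED_SPKI_SHA256 = {spki_sha256(KEY_DISTRUSTED_ROOT)}

# Chain 1: leaf issued directly by the compromised root.
CHAIN_DIRECT = [
    Cert("www.example.test", "Distrusted Root CA", KEY_LEAF),
    Cert("Distrusted Root CA", "Distrusted Root CA", KEY_DISTRUSTED_ROOT),
]

# Chain 2: the same compromised key re-appears as a cross-signed intermediate
# issued by an unrelated root. Issuer and serial differ; the key does not.
CHAIN_CROSS_SIGNED = [
    Cert("www.example.test", "Distrusted Root CA", KEY_LEAF),
    Cert("Distrusted Root CA", "Other Root CA", KEY_DISTRUSTED_ROOT),
    Cert("Other Root CA", "Other Root CA", KEY_OTHER_ROOT),
]

# Chain 3: shares nothing with the compromised key.
CHAIN_CLEAN = [
    Cert("www.example.test", "Other Root CA", KEY_LEAF),
    Cert("Other Root CA", "Other Root CA", KEY_OTHER_ROOT),
]


def check(chain: List[Cert]) -> str:
    """Summarise the verdict for a chain as a short string."""
    hit = first_distrusted(chain, DISTRUSTED_SPKI_SHA256)
    return "reject: %s" % hit.subject if hit else "ok"


if __name__ == "__main__":
    for name, chain in [("direct", CHAIN_DIRECT),
                        ("cross-signed", CHAIN_CROSS_SIGNED),
                        ("clean", CHAIN_CLEAN)]:
        print(name, "->", check(chain))
```

The practical limit the post asks about is therefore not lookup cost but distribution: every entry has to be shipped to and stored on every client, which is why clients pair a small baked-in list with a pushed update mechanism rather than trying to enumerate every bad certificate in the binary.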