nanog mailing list archives

Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates


From: Christopher Morrow <morrowc.lists () gmail com>
Date: Sun, 11 Sep 2011 22:01:47 -0400

On Sun, Sep 11, 2011 at 3:37 PM,  <Valdis.Kletnieks () vt edu> wrote:
> On Sun, 11 Sep 2011 13:00:09 MDT, Keith Medcalf said:
>> The current system provides no more authentication or confidentiality
>> than if everyone simply used self-signed certificates.
>
> Not strictly true.  The current system at least gives you "you have reached
> the hostname your browser tried to reach".  A self-signed cert doesn't
> even give you that.

Really? Even in the face of CAs that have signed certs for existing
domains (to not the domain owners)?

If I have a Thawte cert for valdis.com on host A and one from Comodo
on host B... which is the right one?

