Re: The state-level attack on the SSL CA security model

[Franck Martin <franck () genius com>]

----- Original Message -----
> From: "Roland Dobbins" <rdobbins () arbor net>
> To: "nanog group" <nanog () nanog org>
> Sent: Friday, 25 March, 2011 9:33:27 AM
> Subject: Re: The state-level attack on the SSL CA security model
> On Mar 24, 2011, at 6:41 PM, Florian Weimer wrote:
>
> >  Disclosure devalues information.
>
>
> I think this case is different, given the perception of the cert as a
> 'thing' to be bartered.

Isn't there any law that obliges company to disclose security breaches that involve consumer data?