nanog mailing list archives
Re: Chinese root CA issues rogue/fake certificates
From: George William Herbert <george.herbert () gmail com>
Date: Wed, 31 Aug 2016 21:33:18 -0700
On Aug 31, 2016, at 6:36 PM, Matt Palmer <mpalmer () hezmatt org> wrote: there's just waaaay too many sites using WoSign (and StartCom) for the CAs' roots to just be pulled. Sad, but true.
Not even. Pull away.
I'd be surprised if most business continuity people could even name their cert provider, and most probably don't even know how certs come to exist or that they *can* be made useless on a wide scale by the actions of, seemingly, an unrelated third party.
Not in my neck of the woods. If you have a drought of good ones in your area my consulting company calls that an opportunity... Sent from my iPhone
Current thread:
- Chinese root CA issues rogue/fake certificates Eric Kuhnke (Aug 30)
- Re: Chinese root CA issues rogue/fake certificates Royce Williams (Aug 30)
- Re: Chinese root CA issues rogue/fake certificates Eric Kuhnke (Aug 30)
- Re: Chinese root CA issues rogue/fake certificates Mel Beckman (Aug 30)
- Re: Chinese root CA issues rogue/fake certificates Royce Williams (Aug 31)
- Re: Chinese root CA issues rogue/fake certificates Matt Palmer (Aug 31)
- Re: Chinese root CA issues rogue/fake certificates Eric Kuhnke (Aug 31)
- Re: Chinese root CA issues rogue/fake certificates Lyndon Nerenberg (Aug 31)
- Re: Chinese root CA issues rogue/fake certificates Mark Andrews (Aug 31)
- Re: Chinese root CA issues rogue/fake certificates George William Herbert (Aug 31)
- Re: Chinese root CA issues rogue/fake certificates Eric Kuhnke (Aug 30)
- Re: Chinese root CA issues rogue/fake certificates Royce Williams (Aug 30)