Re: Re: 0xdeadbeef comes of age: making keysteak with GnuPG

[Kurt Seifried <kseifried () redhat com>]

On 10/10/14 10:37 AM, Daniel Kahn Gillmor wrote:
> On 10/10/2014 12:23 PM, Daniel Kahn Gillmor wrote:
> > On 10/10/2014 12:01 PM, David Leon Gil wrote:
> > > > (While I know that if a root CA were caught intentionally issuing an
> > > > MitM cert for keybase.io or pgp.mit.edu would face likely
> > > > delisting/bankruptcy.)
> > I'd like to believe that also, but i think that some of the members of
> > the CA cartel might be "too big to fail" in the current infrastructure.
> >  There's no chance that the CA will go bankrupt if they aren't delisted
> > (since the CA market is a lemon market), and every web site certified by
> > the bigger CAs has an incentive to argue against that CAs' delisting
> > (because it will break their web site).
>
> And, even when we can burn a small CA, the larger organization often
> carries on unharmed:
>
>   http://www.links.org/?p=1268
>
>       --dkg

More to the point what happened to the auditors (PWC) that signed off on
them being ok to operate as a CA? Nothing.

https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/_y1L50SdUQs

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Attachment: signature.asc
Description: OpenPGP digital signature