Verisign CRL single point of failure

Stephen J. Wilcox steve at telecomplete.co.uk
Fri Jan 9 13:20:18 UTC 2004


> The consolidation of network power in a single company creates its own threat
> to the critical infrastructure when a single certificate expires instead of
> being randomly distributed among several different organizations.

I'm not sure what's involved in getting your own root certs added to browser/OS
distributions but there's nothing afaik that says Verisign is the sole company
providing this, presumably anyone else can agree with MS/whoever to have their
root certs added.. ?

On the idea of gapping to RFC1918 space, this is imho not a good solution;
either they need to upgrade their platform to take the load, e.g. multicast, or if
they do want to blackhole traffic, do it to their own IP space [worst case, do it
to an IP block that they don't route]

Steve
