Microsoft deems all DigiNotar certificates untrustworthy, releases updates

Keith Medcalf kmedcalf at
Sun Sep 11 19:00:09 UTC 2011

Damian Menscher wrote on 2011-09-11:

> Because of that lost trust, any cross-signed cert would likely be
> revoked by the browsers.  It would also make the browser vendors
> question whether the signing CA is worthy of their trust.

And therein is the root of the problem:  Trustworthiness is assessed by what you refer to as the "browser vendors".  Unfortunately, there is no Trustworthiness assessment of those vendors.

The current system provides no more authentication or confidentiality than if everyone simply used self-signed certificates.  It is nothing more than theatre and provides no actual security benefit whatsoever.  Anyone believing otherwise is operating under a delusion.

--- Keith Medcalf
()  ascii ribbon campaign against html e-mail
