Microsoft deems all DigiNotar certificates untrustworthy, releases updates

• Previous message (by thread): Microsoft deems all DigiNotar certificates untrustworthy, releases updates
• Next message (by thread): Microsoft deems all DigiNotar certificates untrustworthy, releases updates
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

somewhat rhetorically...

On Sun, Sep 11, 2011 at 2:30 AM, Damian Menscher <damian at google.com> wrote:

> Because of that lost trust, any cross-signed cert would likely be revoked by
> the browsers.  It would also make the browser vendors question whether the
> signing CA is worthy of their trust.

given a list of ca's and certs to invalidate ... how large a list
would be practical in a browser? (baked in I mean)
  (not very, relative to the size of the domain system today)
Is this scalable?
  (no)
Is this the only answer we have left?
  (no)

-chris
(I'm not sure what better answers there are to the situation we are in
today, I do like the work in DANE-WG though... it'll be a while before
it's practical to use though, I fear)

• Previous message (by thread): Microsoft deems all DigiNotar certificates untrustworthy, releases updates
• Next message (by thread): Microsoft deems all DigiNotar certificates untrustworthy, releases updates
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]