Microsoft deems all DigiNotar certificates untrustworthy, releases updates
morrowc.lists at gmail.com
Mon Sep 12 01:57:59 UTC 2011
On Sun, Sep 11, 2011 at 2:30 AM, Damian Menscher <damian at google.com> wrote:
> Because of that lost trust, any cross-signed cert would likely be revoked by
> the browsers. It would also make the browser vendors question whether the
> signing CA is worthy of their trust.
Given a list of CAs and certs to invalidate ... how large a list
would be practical in a browser? (baked in, I mean)
(not very, relative to the size of the domain system today)
Is this scalable?
Is this the only answer we have left?
(I'm not sure what better answers there are to the situation we are in
today, I do like the work in DANE-WG though... it'll be a while before
it's practical to use though, I fear)