Microsoft deems all DigiNotar certificates untrustworthy, releases

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Sep 12 15:41:03 CDT 2011


On Mon, 12 Sep 2011 22:31:59 +0200, Måns Nilsson said:

> Since you are from Sweden, and in an IT job, you probably have personal
> relations to someone who has personal relations to one of the swedes
> or other nationalities that were present at the key ceremonies for the
> root. Once you've established that the signatures on the root KSK are good
> (which -- because of the above -- should be doable OOB quite easily for
> you) you can start validating the entire chain of trust.
> 
> Quite trivial, in fact.

I'll note that the PGP "strongly connected set" has grown all the way to 45,000
or so keys in 2 decades of growth.  There are several billion Internet users. What
may be workable for Fredrik is probably *not* scalable to Joe Sixpack.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20110912/a17bcf66/attachment.bin>


More information about the NANOG mailing list