Gmail and SSL

Matthew Palmer mpalmer at
Thu Jan 3 01:37:25 UTC 2013

On Wed, Jan 02, 2013 at 07:35:49PM -0500, William Herrin wrote:
> A "reputable" SSL signer would have to get outed just once issuing a
> government a resigning cert and they'd be kicked out of all the
> browsers. They'd be awfully easy to catch.

I believe Honest Achmed said it best:

"In any case by the time he's issued enough certificates he'll be regarded
as too big to fail by the browser vendors, so an expensive audit doesn't
really matter."

as well as

"Achmed's business plan is to sell a sufficiently large number of
certificates as quickly as possible in order to become too big to fail"


"Achmed guarantees that no certificate will be issued without payment having
been received, as per the old Latin proverb "nil certificati sine lucre"."

- Matt

More information about the NANOG mailing list