Chinese root CA issues rogue/fake certificates
mpalmer at hezmatt.org
Thu Sep 1 10:10:17 UTC 2016
On Wed, Aug 31, 2016 at 09:33:18PM -0700, George William Herbert wrote:
> > On Aug 31, 2016, at 6:36 PM, Matt Palmer <mpalmer at hezmatt.org> wrote:
> > there's just waaaay too many sites using WoSign (and StartCom) for the
> > CAs' roots to just be pulled. Sad, but true.
>
> Not even. Pull away.

Not going to happen. Feel free to argue otherwise in the appropriate
venues, but you're tilting at windmills, IMO.

> > I'd be surprised if most business continuity people could even name their
> > cert provider, and most probably don't even know how certs come to exist or
> > that they *can* be made useless on a wide scale by the actions of,
> > seemingly, an unrelated third party.
>
> Not in my neck of the woods. If you have a drought of good ones in your
> area my consulting company calls that an opportunity...

How the hell do you get from "the world does not work that way" to "please
pitch me your consulting services"?