Chinese root CA issues rogue/fake certificates
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Sep 1 10:19:51 UTC 2016
On Thu, Sep 01, 2016 at 11:36:57AM +1000,
Matt Palmer <mpalmer at hezmatt.org> wrote
a message of 45 lines which said:
> I'd be surprised if most business continuity people could even name
> their cert provider,
And they're right because it would be a useless information: without
DANE, *any* CA can issue a certificate for *your* domain, whether you
are a client or not.
More information about the NANOG
mailing list