[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Chinese root CA issues rogue/fake certificates
- Subject: Chinese root CA issues rogue/fake certificates
- From: mpalmer at hezmatt.org (Matt Palmer)
- Date: Thu, 1 Sep 2016 20:10:17 +1000
- In-reply-to: <[email protected]>
- References: <CAB69EHjh+xLBzP+XoEUpo3fRYC_33aQWCEuDZPJc8MtxdshjQg@mail.gmail.com> <CA+E3k91eiwyykLV05fVL89Fd=USe-pzuhFRx4SFaCnuYMYskKA@mail.gmail.com> <CA+E3k923N8JRguG0yfjFg6ZkfhrUxc+CcxwD0Rh9kULgrCvr-Q@mail.gmail.com> <[email protected]> <[email protected]>
On Wed, Aug 31, 2016 at 09:33:18PM -0700, George William Herbert wrote:
> > On Aug 31, 2016, at 6:36 PM, Matt Palmer <mpalmer at hezmatt.org> wrote:
> > there's just waaaay too many sites using WoSign (and StartCom) for the
> > CAs' roots to just be pulled. Sad, but true.
>
> Not even. Pull away.
Not going to happen. Feel free to argue otherwise in the appropriate
venues, but you're tilting at windmills, IMO.
> > I'd be surprised if most business continuity people could even name their
> > cert provider, and most probably don't even know how certs come to exist or
> > that they *can* be made useless on a wide scale by the actions of,
> > seemingly, an unrelated third party.
>
> Not in my neck of the woods. If you have a drought of good ones in your
> area my consulting company calls that an opportunity...
How the hell do you get from "the world does not work that way" to "please
pitch me your consulting services"?
- Matt