[conspire] Fraudulent SSL certs for *.google.com from DigiNotar
rick at linuxmafia.com
Tue Aug 30 15:57:28 PDT 2011
Quoting Don Marti (dmarti at zgp.org):
> Yes, you have to make sure it's backed up by Honest
> Achmed's Used Cars and Certificates, right?
Almost too close to truth for humour.
I'm sure Honest Achmed would be a fine PKI. If Debian won't have hiim as
a CA, he should just sign up to be a Comodo 'Trusted Partner'
Registration Authority. I hear they'll take anyone.
I like Whisper Systems CTO Moxie Marlinspike's take on the problem
(referenced on LWN):
Among other things, Moxie explains why the 'Just use DNSSEC' people are
More information about the conspire