[conspire] Fraudulent SSL certs for *.google.com from DigiNotar

Rick Moen rick at linuxmafia.com
Tue Aug 30 15:57:28 PDT 2011

Quoting Don Marti (dmarti at zgp.org):

> Yes, you have to make sure it's backed up by Honest
> Achmed's Used Cars and Certificates, right?
>   https://bugzilla.mozilla.org/show_bug.cgi?id=647959

Almost too close to truth for humour.  

I'm sure Honest Achmed would be a fine PKI.  If Debian won't have hiim as
a CA, he should just sign up to be a Comodo 'Trusted Partner'
Registration Authority.  I hear they'll take anyone.

I like Whisper Systems CTO Moxie Marlinspike's take on the problem
(referenced on LWN):

Among other things, Moxie explains why the 'Just use DNSSEC' people are
on crack.

More information about the conspire mailing list