[conspire] Fraudulent SSL certs for *.google.com from DigiNotar
Rick Moen
rick at linuxmafia.com
Tue Aug 30 15:57:28 PDT 2011
Quoting Don Marti (dmarti at zgp.org):
> Yes, you have to make sure it's backed up by Honest
> Achmed's Used Cars and Certificates, right?
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=647959
Almost too close to truth for humour.
I'm sure Honest Achmed would be a fine PKI. If Debian won't have him as
a CA, he should just sign up to be a Comodo 'Trusted Partner'
Registration Authority. I hear they'll take anyone.
I like Whisper Systems CTO Moxie Marlinspike's take on the problem
(referenced on LWN):
http://blog.thoughtcrime.org/ssl-and-the-future-of-authenticity
Among other things, Moxie explains why the 'Just use DNSSEC' people are
on crack.