[191286] in North American Network Operators' Group
Re: Chinese root CA issues rogue/fake certificates
daemon@ATHENA.MIT.EDU (Stephane Bortzmeyer)
Thu Sep 1 06:20:25 2016
X-Original-To: nanog@nanog.org
Date: Thu, 1 Sep 2016 12:19:51 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Matt Palmer <mpalmer@hezmatt.org>
In-Reply-To: <20160901013657.GE4869@hezmatt.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Thu, Sep 01, 2016 at 11:36:57AM +1000,
Matt Palmer <mpalmer@hezmatt.org> wrote
a message of 45 lines which said:
> I'd be surprised if most business continuity people could even name
> their cert provider,
And they're right because it would be a useless information: without
DANE, *any* CA can issue a certificate for *your* domain, whether you
are a client or not.
