[138925] in North American Network Operators' Group


Re: The state-level attack on the SSL CA security model

daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Thu Mar 24 06:29:55 2011

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: nanog group <nanog@nanog.org>
Date: Thu, 24 Mar 2011 10:28:26 +0000
In-Reply-To: <20110324101947.GA11913@nike.aronius.se>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Mar 24, 2011, at 6:19 PM, Joakim Aronius wrote:

> Surely the value of stolen certs are higher if the public do not know that they exist.


A wider swathe of interested parties would know of their existence, and their existence would be officially confirmed, which would make them more valuable.

Unfortunately, the general public neither know, understand, or care about such things.  They happily click 'I Understand the Risks' or whatever the button says in their browsers of choice to accept self-signed certificates all the time.

I don't know enough details of what actually transpired to have an actual opinion on the Comodo situation one way or another; but I can see both sides of the argument.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

		The basis of optimism is sheer terror.

			  -- Oscar Wilde


