[144428] in North American Network Operators' Group

Re: Microsoft deems all DigiNotar certificates untrustworthy,

daemon@ATHENA.MIT.EDU (Christopher Morrow)
Sun Sep 11 22:02:31 2011

In-Reply-To: <146257.1315769856@turing-police.cc.vt.edu>
Date: Sun, 11 Sep 2011 22:01:47 -0400
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Valdis.Kletnieks@vt.edu
Cc: North American Network Operators Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Sun, Sep 11, 2011 at 3:37 PM,  <Valdis.Kletnieks@vt.edu> wrote:
> On Sun, 11 Sep 2011 13:00:09 MDT, Keith Medcalf said:
>> The current system provides no more authentication or confidentiality
>> than if everyone simply used self-signed certificates.
>
> Not strictly true. The current system at least gives you "you have reached
> the hostname your browser tried to reach". A self-signed cert doesn't
> even give you that.

Really? Even in the face of CAs that have signed certs for existing
domains (to not the domain owners)?

If I have a Thawte cert for valdis.com on host A and one from Comodo
on host B... which is the right one?

