[191281] in North American Network Operators' Group
Re: Chinese root CA issues rogue/fake certificates
daemon@ATHENA.MIT.EDU (George William Herbert)
Thu Sep 1 00:33:24 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <20160901013657.GE4869@hezmatt.org>
From: George William Herbert <george.herbert@gmail.com>
Date: Wed, 31 Aug 2016 21:33:18 -0700
To: Matt Palmer <mpalmer@hezmatt.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
> On Aug 31, 2016, at 6:36 PM, Matt Palmer <mpalmer@hezmatt.org> wrote:
>=20
> there's just waaaay too many sites using WoSign (and StartCom) for the
> CAs' roots to just be pulled. Sad, but true.
Not even. Pull away.
> I'd be surprised if most business continuity people could even name their
> cert provider, and most probably don't even know how certs come to exist o=
r
> that they *can* be made useless on a wide scale by the actions of,
> seemingly, an unrelated third party.
Not in my neck of the woods. If you have a drought of good ones in your are=
a my consulting company calls that an opportunity...=20
Sent from my iPhone
