[191319] in North American Network Operators' Group
Re: Chinese root CA issues rogue/fake certificates
daemon@ATHENA.MIT.EDU (Eric Kuhnke)
Wed Sep 7 19:15:52 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <20160901101951.usbucglng5itramz@nic.fr>
From: Eric Kuhnke <eric.kuhnke@gmail.com>
Date: Wed, 7 Sep 2016 16:15:47 -0700
To: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Further update on all known suspicious activity from Wosign:
https://wiki.mozilla.org/CA:WoSign_Issues
Seriously, what level of malice and/or incompetence does one have to rise
to in order to be removed from the Mozilla (and hopefully Microsoft and
Chrome) trusted root CA store? Is this not sufficient?
On Thu, Sep 1, 2016 at 3:19 AM, Stephane Bortzmeyer <bortzmeyer@nic.fr>
wrote:
> On Thu, Sep 01, 2016 at 11:36:57AM +1000,
> Matt Palmer <mpalmer@hezmatt.org> wrote
> a message of 45 lines which said:
>
> > I'd be surprised if most business continuity people could even name
> > their cert provider,
>
> And they're right because it would be a useless information: without
> DANE, *any* CA can issue a certificate for *your* domain, whether you
> are a client or not.
>
