[SSL Observatory] Number of CAs

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Dec 8 11:42:41 PST 2011


On 12/08/2011 01:44 PM, Erwann ABALEA wrote:
> How did you come to write that the software used by VeriSign and most CAs
> is based on OpenSSL and a few graphical front-ends such as TinyCA, without
> any expensive hardware?

I beg your pardon, I was clearly factually wrong there, but I think
you've missed the point of what I was trying to say.  The point there
was that the hardware or software to run a CA doesn't need
to be expensive or exclusive.  I shouldn't have claimed that you didn't
spend a lot of money on your particular implementation.  I've just
fixed the article.

Thanks for the correction!

> The fact that DigiNotar, and now KPN have proven to be bad actors doesn't
> mean that all of the others are as bad.

For the record, I don't consider using publicly-auditable, no-cost, free
software to equate to being a "bad actor" (which is not to say that your
competitors are not bad actors in other ways).

The problem is that if any one of your competitors is a bad actor, all
your policy compliance is meaningless for your relying parties, since
they're relying on your competitors as well. :(

	--dkg
