[SSL Observatory] SSL CA compromise in the wild

Ludwig Nussel ludwig.nussel at suse.de
Wed Mar 23 09:32:23 PDT 2011


Steve Schultze wrote:
> > A problem of course is trying to put the smoke back in the bottle -
> > going to CAs and telling them their broad signing powers are now going
> > to be restricted.  It'd be extremely difficult if not impossible to
> > regulate signing certs already issued, and trying to regulate them
> > going forward would probably bring cries of anger from the signers who
> > want to be 'grandfathered' in and have the overarching powers of the
> > signers that got there first.
> 
> Yes, this is the biggest problem.  Also, how do you decide which CAs have
> authority for which ccTLDs?  Is it based on the country in which they do
> business?  That's what Chris Soghoian has suggested.
> 
> What about non-ccTLDs?

The domain registry could simply issue the certificate at the same
time it assigns the domain name.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)


