[SSL Observatory] SSL CA compromise in the wild

[Matt McCutchen]

On Wed, 2011-03-23 at 12:48 -0400, Steve Schultze wrote:
> SSH is just TOFU.  So, the current CA model with HSTS is at least as
> good as SSH, and probably better because at least you first have to
> compromise a CA.

What?  HTTP Strict Transport Security does not pin the cert (it only
prevents the user from accepting bad certs), so it is exposed to CA
compromises.  SSH is not.

-- 
Matt