[SSL Observatory] SSL CA compromise in the wild

Chris Palmer chris at eff.org
Wed Mar 23 11:04:42 PDT 2011


On 03/23/2011 10:57 AM, Steve Schultze wrote:

> While I agree with you, evidently large popular sites still do it...
> so a proposal to not support those sites is unlikely to win.

Good thing I'm not proposing not to support those sites then.

We do the same thing we do when large, popular sites have XSS or SQL
injection bugs: We ask them to fix the bugs. We offer help. At the same
time, we work on web development libraries to make XSS and SQL injection
harder to do by accident, and easier to fix.

Anyway, I'm leaving this thread to go do useful work, such as finishing
my document for helping web developers deploy HTTPS without sacrificing
performance.


-- 
Chris Palmer
Technology Director, Electronic Frontier Foundation
https://www.eff.org/code


