[SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA

Phillip Hallam-Baker hallam at gmail.com
Sun Nov 6 15:01:55 PST 2011


On Sun, Nov 6, 2011 at 1:49 PM, Peter Eckersley <pde at eff.org> wrote:

> On Sun, Nov 06, 2011 at 12:51:11AM +0100, Erwann ABALEA wrote:
>
> > In practice, you can only register root CAs into browsers, and you're
> > strongly advised to *not* issue certificates directly under the root,
> > like it was the case some years ago with the big CA vendors selling
> > X.509v1 certificates. So a company acting as a CA has at least one
> > root CA,
>
> There are certainly some companies that act as CAs that are "only"
> subordinate/intermediate CAs.  We know this with a fair degree of
> certainty, because companies that operate root CAs have asked us, "can
> you use the Observatory to tell us what this company we issued a sub-CA
> to has been signing with it?".


Nobody has ever disputed the fact that some of the intermediate certs are
cross certificates.

What has now been proven is that most of those certificates are not cross
certificates. Yet you still cling to making that claim.


Who is your supervisor at the EFF?

Is there someone we can take this up with who is interested in the truth of
the claims made?


-- 
Website: http://hallambaker.com/