[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail
Larry Seltzer
larry at larryseltzer.com
Mon Sep 5 05:30:39 PDT 2011
>
> >another argument against blacklists, they're totally useless against a
> manufactured-certificate attack like this
>
It seems to me this is a failure of both blacklists and whitelists.
Revocation is based on blacklisting and trusted roots are themselves a
whitelist. So from the point of view of the CA blacklisting failed, from the
point of view of users whitelisting failed. No?
LJS
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/observatory/attachments/20110905/ac37ad5a/attachment.html>
More information about the Observatory
mailing list