[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail

[Larry Seltzer]

>>Since you can't directly invalidate an unknown cert, the only way to do it
is
pull the root.

The whitelist I was referring to was the trusted root collection. Isn't this
a whitelist?

LJS
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/observatory/attachments/20110905/bf9eef51/attachment.html>