[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail
Larry Seltzer
larry at larryseltzer.com
Mon Sep 5 19:50:09 PDT 2011
>>Since you can't directly invalidate an unknown cert, the only way to do it
is
pull the root.
The whitelist I was referring to was the trusted root collection. Isn't this
a whitelist?
LJS
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/observatory/attachments/20110905/bf9eef51/attachment.html>
More information about the Observatory
mailing list