[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Sep 13 08:23:45 PDT 2011
On 09/13/2011 10:58 AM, Rob Stradling wrote:
> OCSP Stapling solves OCSP's Privacy problem (and some of its Reliability,
> Performance and Availability problems too!), doesn't it?
Isn't OCSP stapling is logically equivalent to the much simpler approach
of short-lived, frequently-updated, OCSP-less certificates?
i wonder if any Certificate Authority offers such a service (with
automated update, presumably).
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.eff.org/pipermail/observatory/attachments/20110913/361bd3be/attachment.sig>
More information about the Observatory
mailing list