[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail
Gervase Markham
gerv at mozilla.org
Tue Sep 13 09:09:28 PDT 2011
On 13/09/11 00:23, Rob Stradling wrote:
> Gerv, are you hinting that Mozilla are interested in implementing some sort of
> whitelist-based certificate status checking mechanism in Firefox? (Peter's
> RTCS I-D, for example).
I was talking to Dan Veditz last night; I'm certainly interested in
investigating new revocation mechanisms. Although the arguments for
something DNS-based are IMO very strong (much better privacy story, very
hard to DOS, cached and distributed).
Gerv
More information about the Observatory
mailing list