[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail

Gervase Markham gerv at mozilla.org
Tue Sep 13 09:09:28 PDT 2011


On 13/09/11 00:23, Rob Stradling wrote:
> Gerv, are you hinting that Mozilla are interested in implementing some sort of 
> whitelist-based certificate status checking mechanism in Firefox?  (Peter's 
> RTCS I-D, for example).

I was talking to Dan Veditz last night; I'm certainly interested in
investigating new revocation mechanisms. Although the arguments for
something DNS-based are IMO very strong (much better privacy story, very
hard to DoS, cached and distributed).

Gerv



