[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail
Rob Stradling
rob.stradling at comodo.com
Wed Sep 14 01:27:26 PDT 2011
On Tuesday 13 Sep 2011 17:09:28 Gervase Markham wrote:
> On 13/09/11 00:23, Rob Stradling wrote:
> > Gerv, are you hinting that Mozilla are interested in implementing some
> > sort of whitelist-based certificate status checking mechanism in
> > Firefox? (Peter's RTCS I-D, for example).
>
> I was talking to Dan Veditz last night; I'm certainly interested in
> investigating new revocation mechanisms. Although the arguments for
> something DNS-based are IMO very strong (much better privacy story, very
> hard to DOS, cached and distributed).
A DNS-based revocation checking solution would require Clients to do secure
time sync instead of using nonces, right?
> Gerv
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online