[SSL Observatory] the CA sub-CA smoking gun

Jacob Appelbaum jacob at appelbaum.net
Fri Feb 3 14:56:10 PST 2012


On 02/03/2012 11:47 PM, Phillip Hallam-Baker wrote:
> Some weeks ago, Google announced a change in their CA root
> requirements prohibiting this type of cert.
> 
> Clearly the ability to observe defaults and non-compliance in the
> provision of CA services has great value. The EFF observatory and the
> Google CA restriction mechanism have helped identify two cases that
> had not previously come to light.
> 
> 
> Besides the obvious risks, what on earth possessed people to go and
> buy what amounts to a universal lock pick for any financial site on
> the net? Didn't they give any thought to the risks they were exposing
> their own staff to?
> 

The architecture.

All the best,
Jacob
