Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Another CA Compromise: TurkTrust

Griffin Boyce griffinboyce at gmail.com
Thu Jan 3 17:23:45 PST 2013


Honestly, a full and transparent audit of all CAs and vendors would be
better.  If every CA had to list which sites it had issued certificates
for, a few dozen would probably shake out with fake certs for Google or
Apple.

I don't think Convergence is the solution, unfortunately.

~Griffin

On Thu, Jan 3, 2013 at 8:09 PM, Nadim Kobeissi <nadim at nadim.cc> wrote:

> Another CA has been found issuing SSL certificates for Google services.
> Mozilla has acted on the issue:
> https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
>
> The weird thing is that it's starting to appear less and less crazy to
> just get rid of the CA system and replace it with… nothing. What do you
> guys think?
>
> NK
>
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>



-- 
"What do you think Indians are supposed to look like?
What's the real difference between an eagle feather fan
and a pink necktie? Not much."
~Sherman Alexie

PGP Key etc: https://www.noisebridge.net/wiki/User:Fontaine
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130103/e357bb79/attachment.html>


More information about the liberationtech mailing list