<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 9/2/2018 7:17 PM, Phillip
Hallam-Baker wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAMm+LwgWyn82v+CHuuec1rezPfmWqGP3jYQ_cmJD+98XBzyE1Q@mail.gmail.com">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">And a design
brief where a random nation state can create a<br>
certificate for <a href="http://microsoft.com" rel="noreferrer"
target="_blank" moz-do-not-send="true">microsoft.com</a> is a
good one?!?<br>
</blockquote>
<div><br>
</div>
<div>
<div class="gmail_default" style="font-size:small">It enabled
Amazon and online commerce. It has worked for 20 years. Nation
state attacks tend to be mitigated by their reluctance to get
caught. Though not always. Skripal was obviously attacked with
the nerve agent to leave no doubt as to who was behind it.
Though that game is rather more desperate and higher stakes
than most.</div>
</div>
</blockquote>
<br>
There was a nation state, Iran, behind the Diginotar attack. The
attack enabled them to create fake certs for Google, so as to spy on
Gmail traffic. I would not say that all nation states exhibit
"reluctance to get caught".<br>
<br>
-- Christian Huitema<br>
</body>
</html>