[Cryptography] Toxic Combination

Dave Howe davehowe.pentesting at gmail.com
Wed Dec 10 06:29:47 EST 2014


On 09/12/2014 18:16, Anne & Lynn Wheeler wrote:
> On 12/09/2014 01:22 AM, Dave Howe wrote:
>> You would think they would go down the path of setting up their own CAs
>> for that - cheaper to set up a working group between them, get a HSM
>> based root, and issue signing certs to member institutions....
>
> The CA-industry had a lot of hype about supposed need for branded
> CA institution.

Which is good marketing, but not a reflection of reality (i.e. a "big
name" CA and a relatively unknown one are both treated the same by
validation checking)

Still, when you are in the business of selling the illusion of trust
validation, admitting to reality isn't likely to be a large part of your
game plan :)

