[Cryptography] Toxic Combination
davehowe.pentesting at gmail.com
Wed Dec 10 06:29:47 EST 2014
On 09/12/2014 18:16, Anne & Lynn Wheeler wrote:
> On 12/09/2014 01:22 AM, Dave Howe wrote:
>> You would think they would go down the path of setting up their own CAs
>> for that - cheaper to set up a working group between them, get a HSM
>> based root, and issue signing certs to member institutions....
> The CA-industry had a lot of hype about supposed need for branded
> CA institution.
Which is good marketing, but not a reflection of reality (i.e. a "big
name" CA and a relatively unknown one are both treated the same by
Still, when you are in the business of selling the illusion of trust
validation, admitting to reality isn't likely to be a large part of your
game plan :)
More information about the cryptography