[Cryptography] The Trouble with Certificate Transparency
Salz, Rich
rsalz at akamai.com
Sun Sep 28 21:29:29 EDT 2014
> In this particular example, there is a third option that is more likely to happen than either of the two you've presented: Verisign will say they were hacked, and that their private keys were used without their consent or knowledge.
Yes it's a possible response. I can't guess whether or not they would take it. And the net effect -- dropped from the browser trust store -- still seems likely. We should you trust a CA that got hacked more than a CA that got compelled?
--
Principal Security Engineer, Akamai Technologies
IM: rsalz at jabber.me Twitter: RichSalz
More information about the cryptography
mailing list