[Cryptography] The business of web hosting, was Commercial PKI as dog poop

jrzx jrzx at protonmail.ch
Sun May 16 00:26:31 EDT 2021


On Saturday, May 15, 2021 6:56 PM, John Levine <johnl at iecc.com> wrote:
> Once again, this is an Internet very much unlike the one
> the rest of us use.

> For my bank, the bank is in upstate NY but all of their
> web sites are handled by their contractor somewhere in
> the midwest, and I am quite certain the contractor
> manages the SSL certs,

You may be certain, but I see no evidence for your certainty
in their certs.

And if their contractor does indeed control their secrets,
then were he to stuff their certs into a CDN, which he did
not, then not only would their contractor have control, and
they not have control, but no end of unknown people and
machines between the machine servicing their web pages,
and the machine holding the secrets controlling their
certs, would also have control.

