[cryptography] How much does it cost to start a root CA ?

Jeffrey Walton noloader at gmail.com
Sat Jan 5 08:19:18 EST 2013


On Sat, Jan 5, 2013 at 8:05 AM, Ralph Holz <holz at net.in.tum.de> wrote:
> Hi,
>
>> ...
>
> What I have also seen was post-hoc debate about the inclusion of the
> Chinese CA CNNIC (CN-NIC), which IMO highlighted a shortcoming of the
> process: If participants do not have much time, the one-week discussion
> period may pass without many comments and a CA thus be included. In the
> case of CNNIC, many objections were raised afterwards as this CA had
> been allegedly associated with malware in the past; there was also
> concern the Chinese government might use it to issue the kind of MITM
> certificates we're worried about. No proof of any such activity could be
> given, and Mozilla decided that the fair approach was to keep them in.
I mark those certificates as untrusted. I was born at night, but not last night.

Jeff



More information about the cryptography mailing list