[cryptography] An appropriate image from Diginotar
shamrock at cypherpunks.to
Wed Aug 31 22:43:43 EDT 2011
On 2011-08-30 10:02, Peter Gutmann wrote:
> The guy in the background must have removed his turban/taqiyah for the photo.
There is one useful data point that came from the DigiNotar mess-up: we
now know, thanks to Mozilla, Debian, and the SSL Observatory what the
lower bound is for a failed CA to be considered too big to fail.
You must have issued some (unknown) number in excess of 701 SSL certs to
not see your root pulled from certificate-consuming software when you
@nocombat writes: SSL Observatory: select count(Subject) from
valid_certs where Issuer like '%diginotar%' → 701
So far, we only knew what the upper bound is to be considered too big to
fail, which was the number of certs issued by Comodo and Symantec
More information about the cryptography