[cryptography] this house believes that user's control over the root list is a placebo

Arshad Noor arshad.noor at strongauth.com
Mon Jun 27 20:59:36 EDT 2011

On 06/26/2011 02:50 AM, Ralph Holz wrote:
> Which brings us to the next point: how do we measure improvement? What
> we would need - and don't have, and likely won't have for another long
> while - are numbers that are statistically meaningful.
> On moz.dev.sec.policy, the proposal is out that CAs need to publicly
> disclose security incidents and breaches. This could actually be a good
> step forward.

I agree - except that it should apply to more than just CAs.

In 2008, I sent the following e-mail to my representatives and both
Presidential candidates:


Its intent was to initiate a change in policy wrt breach disclosures.
There was not even the courtesy of a form-response from most of them,
so it's not surprising that we continue to fly blind in 2011.

