[cryptography] *.google.com certificate issued by DigiNotar
Seth David Schoen
schoen at loyalty.org
Fri Sep 2 14:54:33 EDT 2011
Marsh Ray writes:
> Why would they need to?
> What's the difference between a private key in the wild and a pwned
> CA that, even months after a break-in and audit, doesn't revoke or
> even know what it signed?
> (This is a serious question)
The pwned CA leaves evidence that other people can potentially discover
or collect. It also means that an individual user who knows what
public-key cryptography is can potentially do something to determine
whether an alleged key is valid.
Seth David Schoen <schoen at loyalty.org> | No haiku patents
http://www.loyalty.org/~schoen/ | means I've no incentive to
FD9A6AA28193A9F03D4BF4ADC11B36DC9C7DD150 | -- Don Marti