[cryptography] [SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail
James A. Donald
jamesd at echeque.com
Mon Sep 5 21:57:41 EDT 2011
> > > the browser vendors have chosen to prevent them from employing any other
> > > option (I can't, for example, turn on TLS-PSK or TLS-SRP in my server,
> > > because no browsers support it - it would make the CAs look bad if it
> > > were deployed).
> > Patches welcome? (Or did we reject them already? :-)
On 2011-09-06 9:35 AM, Ian G wrote:
> Patches aren't welcome.
The only solution is a fork, and the only way we can get something this
huge forked is if someone with serious money wants a secure browser.
The banks are allergic to innovation. One of the people issuing new
kinds of net-based money might be up for it, but only after they have
succeeded enough that your spam filter is full of efforts to phish them.
At which point yurls and SRP might look attractive to them. Check your
spam filter for potential customers.