[cryptography] [SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail

James A. Donald jamesd at echeque.com
Mon Sep 5 21:57:41 EDT 2011


> > > the browser
> > > vendors have
> > > chosen to prevent them from employing any other option (I can't, for
> > > example, turn on TLS-PSK or TLS-SRP in my server, because no browsers
> > > support it - it would make the CAs look bad if it were deployed).

> > Patches welcome? (Or did we reject them already? :-)

On 2011-09-06 9:35 AM, Ian G wrote:
> Patches aren't welcome.

The only solution is a fork, and the only way we can get something this 
huge forked is if someone with serious money wants a secure browser.

The banks are allergic to innovation.  One of the people issuing new 
kinds of netbased money might be up for it, but only after they have 
succeeded enough that your spam filter is full of efforts to phish them.

At which point yurls and SRP might look attractive to them.  Check your 
spam filter for potential customers.



More information about the cryptography mailing list