[cryptography] Symantec gets it wrong

Andy Steingruebl andy at steingruebl.com
Thu Sep 8 12:20:07 EDT 2011


On Thu, Sep 8, 2011 at 1:30 AM, Ralph Holz <holz at net.in.tum.de> wrote:
> Hi,
>
> I (still) cannot believe how Symantec reacts to the DigiNotar breaches -
> basically ignoring the known shortcomings:
>
> http://www.symantec.com/connect/blogs/why-your-certificate-authority-matters

To be contrarian for a moment....

In the "old days" (a few months ago) the only real difference for a
customer between most CAs was how widely their trust was distributed.
What platforms (Windows, which mobile phones, etc).  Their customers
didn't have to care about quality, and really didn't have to care
about the CA going away, except if the CA went bankrupt or
something...

Today, maybe that has changed ever so slightly?  If a customer now
fears that their/A CA will actually get de-listed from the popular
platforms, thus causing them an outage, maybe customers start
demanding CAs that are less likely to get de-listed? Maybe ones that
can demonstrate better security controls, or somesuch?

This isn't to say it justifies or supports the marketing campaign, but
perhaps there is a real message hidden in there after all?

- Andy


