[cryptography] Symantec gets it wrong

Jack Lloyd lloyd at randombit.net
Thu Sep 8 12:31:48 EDT 2011


On Thu, Sep 08, 2011 at 09:20:07AM -0700, Andy Steingruebl wrote:

> Today, maybe that has changed ever so slightly?  If a customer now
> fears that their/A CA will actually get de-listed from the popular
> platforms, thus causing them an outage, maybe customers start
> demanding CAs that are less likely to get de-listed? Maybe ones that
> can demonstrate better security controls, or somesuch?

I would guess the best way of ensuring your CA is not delisted is to
make sure that they are so widely used that killing them is not a
viable option because of the amount of collateral damage it would
cause.

Too Trusted To Fail

-Jack



More information about the cryptography mailing list