[cryptography] Symantec gets it wrong

Ralph Holz holz at net.in.tum.de
Thu Sep 8 14:16:07 EDT 2011


>> http://www.symantec.com/connect/blogs/why-your-certificate-authority-matters
> To be contrarian for a moment....


> This isn't to say it justifies or supports the marketing campaign, but
> perhaps there is a real message hidden in there after all?

That would be a really far-sighted campaign, but yes, it's a point.

However, what I meant is that the blog entry ignores the fact that as
long as there is a weakest link in the root store, protection of your
domain certification is exactly as strong as that weakest link. Sure,
you can go to VeriSign to get a certificate, but it won't help you if
DigiNotar is hacked afterwards and certificates for your domain are issued.

I am no good at predicting customer behaviour, but why should customers
opt for the more expensive solution then?


Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
