[cryptography] [OT] After Digital Certificate Hack, Mozilla Seeks Reassurances

Jeffrey Walton noloader at gmail.com
Thu Sep 8 22:50:17 EDT 2011


I wonder how many CAs are going to report back with defects and
promises that they will fix?

http://www.pcworld.com/businesscenter/article/239699/after_digital_certificate_hack_mozilla_seeks_reassurances.html

In emails sent out to digital certificate authorities Thursday,
Mozilla Certificate Authority (CA) Certificates Module owner Kathleen
Wilson asked CAs such as Symantec and Go Daddy to audit their systems
for any possible compromise, confirm that nobody can issue a digital
certificate without two-factor authentication, and shore up practices
with any third parties that might be able to issue digital
certificates using the CA's root key.

Mozilla is giving CAs until Sept. 16 to respond to the email, but the
browser maker is not saying what will happen if any of its 54 CAs
ignore the request.
...



More information about the cryptography mailing list