[cryptography] another cert failure

Jeffrey Walton noloader at gmail.com
Sat Jan 5 15:44:36 EST 2013


On Sat, Jan 5, 2013 at 3:26 PM, Ryan Hurst <ryan.hurst at globalsign.com> wrote:
> Ian, I do agree with you that the dynamic configurations of the firewall is the most suspect part of the story.
>
> I'm inclined to give them the benefit of the doubt based on my experience managing some UI-related efforts inside of Windows -- aka today modern software makes an effort to intuit user intent based off of action.
>
I think we need a screen shot of the UI in question. I have not
managed a Checkpoint firewall in years, but I have my suspicions. That
might offer something fairly conclusive about the willfulness of the
end customer.

TurkTrust likely sold the certificates in pursuit of profits. I don't
think there's any doubt about that. Are they not responsible for their
actions (even if it was a mistake in hindsight)?

OT: what are folks going to do when a data breach occurs in someone
else's cloud provider and your PII/SSN goes flying out the window?
Worse, bury it in layers of corporate indirection so it's nearly
impossible to be made whole. Are folks going to give those negligent
the benefit of the doubt and say it's OK?

Jeff


