[cryptography] the spell is broken

James A. Donald jamesd at echeque.com
Fri Oct 4 21:27:10 EDT 2013


On 2013-10-05 10:44, Jeffrey Walton wrote:
> On Thu, Oct 3, 2013 at 10:32 PM, James A. Donald <jamesd at echeque.com> wrote:
>> On 2013-10-04 11:41, Jeffrey Walton wrote:
>>> We could not get rid of Trustwave in the public sector (so much for
>>> economics).
>> What is wrong with trustwave?
> The company operates in an industry where trust is a commodity. The
> company violated the trust,which essentially means they have no
> product. Rewarding bad behavior was the last thing that should have
> happened.

Trustwave should have had its certificate authority revoked from 
browsers, but it is not in the CA business.  It is in the spying 
business, not in the trust business, but in the distrust business. The 
scandal is not that it abused its CA authority, but that it was given CA 
authority.  Trustwave spies.  That is its job.  Soldiers kill people and 
break things.  That is their job.

Trustwave's behavior is not scandalous.  Mozilla playing footsie with 
trustwave is scandalous.




More information about the cryptography mailing list