[cryptography] GeoTrust Launches GeoRoot; Allows Organizations with Their Own Certificate Authority (CA) to Chain to GeoTrust's Ubiquitous Public Root

ITechGeek itg at itechgeek.com
Mon Apr 6 10:07:17 EDT 2015


From a business person's standpoint I can see why they might not use that
technical control. They look at it as companies will use whatever they
want for their intranets (same reason we have new TLDs resolving as
127.0.53.53). And like most places I'm going to guess that money takes
priority over the security of the Internet (and I would say their good name,
except they are a spin-off of the credit agency Equifax).



-----------------------------------------------------------------------------------------------
-ITG (ITechGeek)
ITG at ITechGeek.Com
https://itg.nu/
GPG Keys: https://itg.nu/contact/gpg-key
Preferred GPG Key: Fingerprint: AB46B7E363DA7E04ABFA57852AA9910A DCB1191A
Google Voice: +1-703-493-0128 / Twitter: ITechGeek / Facebook:
http://fb.me/Jbwa.Net

On Mon, Apr 6, 2015 at 2:59 AM, Jeffrey Walton <noloader at gmail.com> wrote:

> On Sun, Apr 5, 2015 at 6:25 PM, ITechGeek <itg at itechgeek.com> wrote:
> > So does this mean Iran & the like can stop hacking CAs and buy their own
> > Geotrust cert to MITM their population?
> >
> Yeah, it's been around for a while. What's surprising (or maybe not)
> is that the CA is still not constraining the organizations even though a
> technical control is available to do so.
>
> Do away with the independent third party that assesses the signing
> request, don't bother with the security controls to limit impact of a
> bad actor, and then allow the organization to operate on best
> behavior. Sigh...
>