[cabfpub] Updated Certificate Transparency + Extended Validation plan

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Wed Feb 12 15:40:01 MST 2014


On 02/10/2014 06:28 PM, From Chema López González:
> Have anyone take into account the current position of EJBCA 
> <http://blog.ejbca.org/2013/09/certificate-transparency-and.html>, a 
> mayor player in this stuff of digital certificates?

And I want to see how CAs will struggle when they issue one thing 
initially as a pre-certificate and then place something else into the 
actual certificate and mess with their entire infrastructure maintaining 
multiple PKI trees. Or will poke holes the size of a football field into 
their infrastructure in order to get the desired result. And eventually 
simply drop pre-certificates entirely. That's in the best case, it the 
worse case they either got hacked at some point or messed up their PKI 
trees with who issued what when at which time and to whom...good luck 
with that.


Regards
Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20140213/ae6f89f2/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4540 bytes
Desc: S/MIME Cryptographic Signature
Url : https://cabforum.org/pipermail/public/attachments/20140213/ae6f89f2/attachment.bin 


More information about the Public mailing list