Re: [openpgp] Manifesto - who is the new OpenPGP for?

2015-03-25 20:23:48
Christoph Anton Mitterer <calestyo(_at_)scientia(_dot_)net> writes:

> inherently broken (unless of course one trusts the Mozilla CAs, e.g.
> turktrust and CNNIC O:-) )

I've always wondered, what do people have against these two certificate
vending machines in particular?  Given that other vending machines trusted by
Mozilla have done all manner of bad things (selling certs to phishers and
other criminals, selling certs for things like to multiple people
who asked for them, selling thousands upon thousands of certs for internal,
unqualified, and RFC 1918 domains/addresses, etc), why the hostility directed
at these two?  They're vending machines like any others, and what they did
seems to be genuine slip-ups rather than, for example, supplying certs to
Russian organised crime as other vendors have done.

It seems like a second informal requirement for being in a browser, alongside
"Don't sell only a small number of certs" (to meet the TB2F criteria required
by browsers if something goes wrong) is "Don't be Chinese or Arab/Persian/
Turkic".  I don't know if any Russian/Byelorussian/Ukrainian/*stani vending
machines are present in browsers, but I'm guessing being one of those won't be
easy either.

