<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
On 02/10/2014 06:28 PM, From Chema López González:
<blockquote
cite="mid:CAPZr7T+t7vcjoKo1u_7VRWAizysG3QJ-RSiJ7WnVoGNFDi2gqA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">Have anyone take into account the <a
moz-do-not-send="true"
href="http://blog.ejbca.org/2013/09/certificate-transparency-and.html">current
position of EJBCA</a>, a mayor player in this stuff of
digital certificates?</div>
</div>
</blockquote>
<br>
And I want to see how CAs will struggle when they issue one thing
initially as a pre-certificate and then place something else into
the actual certificate and mess with their entire infrastructure
maintaining multiple PKI trees. Or will poke holes the size of a
football field into their infrastructure in order to get the desired
result. And eventually simply drop pre-certificates entirely. That's
in the best case, it the worse case they either got hacked at some
point or messed up their PKI trees with who issued what when at
which time and to whom...good luck with that. <br>
<br>
<br>
<div class="moz-signature">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
<br>
</body>
</html>