[cabfpub] [cabfman] Improving the security of EV Certificates
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Wed Dec 18 14:39:31 MST 2013
On 12/18/2013 11:32 PM, From Ryan Sleevi:
>
>
> On Wed, Dec 18, 2013 at 1:23 PM, Eddy Nigg (StartCom Ltd.)
> <eddy_nigg at startcom.org> wrote:
>
>
> On 12/18/2013 10:14 PM, From Ryan Sleevi:
>>
>> > How did you arrive at that sum? Pinning shouldn't really cost
>> anything once the code is in the browsers. I also assume that
>> code changes for CT wouldn't be any cheaper than that.
>>
>> Pinning is NOT just a knob you turn. It carries huge operational
>> risks to realize the preventative guarantees
>>
>
> Are we talking about the same thing here?
>
>
> Absolutely.
>
> If you haven't followed the IETF discussions about pinning, I
> absolutely encourage you to do so.
Sadly I don't have much time for IETF discussions, but...
> The pinning draft itself is careful to spell out that there are
> non-trivial risks aplenty with pinning, BUT it can provide
> *preventative* mitigation.
WHAT? By pinning I understand pinning a particular certificate to a
particular host name in the browser. Is this what you are talking about?
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>