[cabfpub] Question on CT: Monitoring

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Fri Dec 20 14:49:17 MST 2013


On 12/20/2013 11:42 PM, From Rob Stradling:
> On 20/12/13 21:19, Eddy Nigg (StartCom Ltd.) wrote:
>> Allow me to annoying again...
>>
>> CAs don't need CT to monitor and review their issued certificates (and
>> process thereof). They are REQUIRED and MUST do that already today...
>
> AIUI, whoever breached DigiNotar was able to misissue certs and 
> prevent these certs from appearing in DigiNotar's database of issued 
> certs.

Just for the record, Diginotar knew it was breached and also revoked 
some certificates at the earlier stages, but continued operation and 
cover-up which just made it worse.


Regards
Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20131220/74a1710b/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4540 bytes
Desc: S/MIME Cryptographic Signature
Url : https://cabforum.org/pipermail/public/attachments/20131220/74a1710b/attachment-0001.bin 


More information about the Public mailing list