[cabfpub] Updated Certificate Transparency + Extended Validation plan

Jeremy Rowley jeremy.rowley at digicert.com
Thu Feb 13 00:11:03 UTC 2014


So far no struggles.  PKI tree looks fine.

 

Jeremy

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Eddy Nigg (StartCom Ltd.)
Sent: Wednesday, February 12, 2014 3:40 PM
To: public at cabforum.org
Subject: Re: [cabfpub] Updated Certificate Transparency + Extended Validation plan

 


On 02/10/2014 06:28 PM, From Chema López González: 

Have anyone take into account the current position of EJBCA <http://blog.ejbca.org/2013/09/certificate-transparency-and.html> , a mayor player in this stuff of digital certificates?


And I want to see how CAs will struggle when they issue one thing initially as a pre-certificate and then place something else into the actual certificate and mess with their entire infrastructure maintaining multiple PKI trees. Or will poke holes the size of a football field into their infrastructure in order to get the desired result. And eventually simply drop pre-certificates entirely. That's in the best case, it the worse case they either got hacked at some point or messed up their PKI trees with who issued what when at which time and to whom...good luck with that. 




Regards 


 


Signer: 

Eddy Nigg, COO/CTO


 

StartCom Ltd. <http://www.startcom.org> 


XMPP: 

startcom at startcom.org


Blog: 

Join the Revolution! <http://blog.startcom.org> 


Twitter: 

Follow Me <http://twitter.com/eddy_nigg> 


 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140212/855dc823/attachment-0003.html>


More information about the Public mailing list