Re: Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs

[Note: This comment comes from friend Steve Schear. DLH]

From: Steven Schear <steven.schear@googlemail.com>
Subject: Re: [Dewayne-Net] Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs
Date: March 23, 2017 at 11:16:57 PM EDT
To: dewayne@warpspeed.com

Notice how we never got opportunistic encryption of websites via self-signed certificates because any time someone tried to do it a NSA operative would find just the right way to trigger everyone’s paranoia and provoke everyone into focusing on the key distribution problem instead of looking at the big picture: how active MiTM attacks are more expensive than passive monitoring.

Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs
Chrome to immediately stop recognizing EV status and gradually nullify all certs.
By Dan Goodin
Mar 23 2017
<https://arstechnica.com/security/2017/03/google-takes-symantec-to-the-woodshed-for-mis-issuing-30000-https-certs/&gt;

Advertisements