Skip to Content [alt-c]
In reply to Comment by Andrew Ayer
I'm wondering if these problems are solvable with better policy?
- Shouldn't we require certificate authorities to disclose their software stack and vendors? I assume there are public indicators that would allow this to be figured out anyway, so why hide it?
- Could root stores set limits on shared software stacks? It feels like the web pki is walking into a monoculture risk where one bug breaks everything.
- At what point do we just remove CAs that have a history of incompetence - regardless of the security impact of those failures?
Reply
Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.
Your Name: (Optional; will be published)
Your Email Address: (Optional; will not be published)
Your Website: (Optional; will be published)
>
monospaced
Post a Reply
Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.