Balint Balogh wrote:
> Without this security measure, any CA that has its certificates in client
> software has the power to thwart SSL/TLS security by issuing fake certificates
> claiming to belong to *.example.com servers or email addresses.

If you think they might do that, why might they not do it for other domains your users use (e.g. their bank)? Surely you either believe a CA is trustworthy to correctly issue certificates for websites or it isn't?

Or are you concerned that a rogue employee at an otherwise honest CA will have a particular wish to undermine your company and employees and will cause a single bogus certificate to be issued as part of his campaign to target you?

Gerv
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto