Eddy Nigg wrote: > Even though I'm in favor of not mixing EV and other content, I think > this argument is moot. Chances that such an attack on a CA is successful > is most likely less than having you encounter such an attack yourself.
What makes you think that's true? Attacking a CA's DNS server allows you to obtain DV certs for as many domains as you can be bothered to submit requests for (and pay for). Why would they not be a big juicy target? > And you don't have to....apparently there are CAs where it's sufficient > to flip a flag to get any domain into a certificate... Let's discuss one problem at a time, please. Gerv _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
