LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fraudulent *.google.com certificate issued

Fraudulent *.google.com certificate issued

Posted Sep 6, 2011 4:14 UTC (Tue) by clint (subscriber, #7076)
In reply to: Fraudulent *.google.com certificate issued by job
Parent article: Fraudulent *.google.com certificate issued

Is your TLD run by an organization not rife with incompetence, laziness, and corruption?

(Log in to post comments)

Fraudulent *.google.com certificate issued

Posted Sep 6, 2011 7:45 UTC (Tue) by job (guest, #670) [Link]

Absolutely. I recognize some of the technicians responsible from UNIX groups and mailing lists and I have no reason to doubt their competence.

But the point here is that I can choose which TLD I register my domains under, and trust is not implicitly delegated between them. Even if the .xxx top level domain (as a completely made up example) is run by greedy or incompetent people they can't create a mess for any one else, as opposed to the current CA model where DigiNotar can sign "CN=*.*.com".

That's is not just an implementation detail, it's a fundamental difference.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds