Fraudulent certificates in the wild — again
Posted Jan 5, 2013 21:17 UTC (Sat) by JanC_
In reply to: Fraudulent certificates in the wild — again
Parent article: Fraudulent certificates in the wild — again
The basic problem is that any CA can sign for any domain. That's the problem we should be working on. Once that is solved the rest becomes tractable.
That would require some out-of-band system to check which CA can sign for which domain. But then, how do you make sure you can retrieve that info securely?
to post comments)