LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fraudulent certificates in the wild — again

Fraudulent certificates in the wild — again

Posted Jan 7, 2013 5:19 UTC (Mon) by dlang (✭ supporter ✭, #313)
In reply to: Fraudulent certificates in the wild — again by giraffedata
Parent article: Fraudulent certificates in the wild — again

The protocol gives you no way to have a cert signed by multiple CAs

(Log in to post comments)

Fraudulent certificates in the wild — again

Posted Jan 7, 2013 6:38 UTC (Mon) by giraffedata (subscriber, #1954) [Link]

I was talking about having multiple certificates for the same identity. I might demand that you supply two of them, or give you the opportunity to offer an alternate certificate if I don't trust the first one.

Fraudulent certificates in the wild — again

Posted Jan 7, 2013 6:47 UTC (Mon) by dlang (✭ supporter ✭, #313) [Link]

no standards exit for doing that. If you're going to require deploying a new standard to the entire Internet you may as well try to make it be DNSSEC based.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds