Laurie: Improving SSL certificate security
Laurie: Improving SSL certificate security
Posted Apr 21, 2011 12:44 UTC (Thu) by robbe (guest, #16131)In reply to: Laurie: Improving SSL certificate security by rilder
Parent article: Laurie: Improving SSL certificate security
A single point is exactly useful in security: you need to protect less!
You can take a look at the procedures -- how the . KSK is handled, there are even videos available. Does even *one* CA document that thoroughly how they protect their CA private keys? They usually just tell some auditor, which has little incentive to prove that their procedures are problematic.
Sure the goverment of Fooland can lean on nic.foo to get google.foo pointed to a different address. Citizens of Fooland will just have to learn to type google.com instead if they don't trust their government.