PUP: Browsers should make & implement a phase-out plan for commercial CAs. Now that clueful ppl all get free automated certs, the CA market is just scams targeting the uninformed.
-
-
Wouldn't it make it possible to get a court order to close the website, minimizing the time the attack can occur? I also imagine that for a well-known international name (e.g., Google, not stripe), most registrars would refuse to register another Google inc, making attack >$$$
-
I mean, the question is whether Pr[cert forged|EV] > Pr[cert forged], not whether Pr[EV forged] > 0. And I mean, you have a similar threat for Let's Encrypt with similar unicode glyphs, which is not easy to mitigate (thought to require a minimal amount of image diff of rendered font)