[oss-security] Re: 0xdeadbeef comes of age: making keysteak with GnuPG

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Oct 10 18:37:28 CEST 2014

On 10/10/2014 12:23 PM, Daniel Kahn Gillmor wrote:
> On 10/10/2014 12:01 PM, David Leon Gil wrote:
>> > (While I know that if a root CA were caught intentionally issuing an
>> > MitM cert for keybase.io or pgp.mit.edu would face likely
>> > delisting/bankruptcy.)
> I'd like to believe that also, but i think that some of the members of
> the CA cartel might be "too big to fail" in the current infrastructure.
> There's no chance that the CA will go bankrupt if they aren't delisted
> (since the CA market is a lemon market), and every web site certified by
> the bigger CAs has an incentive to argue against that CA's delisting
> (because it will break their web site).

And, even when we can burn a small CA, the larger organization often
carries on unharmed:




More information about the Gnupg-devel mailing list