Microsoft supporting tyrants?

Benoit Sibaud bsibaud at
Tue Mar 22 21:40:58 UTC 2011


Some pointers:
and (video)

"All major webbrowsers come with a list of CAs preinstalled they assume
as trustworthy. Every website can be signed by any of these CAs, so no
webbrowser would show a warning, if would be signed by a
Chinese certification authority or the Deutsche Telekom."

"At Defcon 2010, we reported the initial findings of the SSL
Observatory. That included thousands of valid "localhost"
certificates, certificates with weak keys, CA certs sharing keys and
with suspicious expiration dates, and the fact that there are
approximately 650 organizations that can sign a certificate for any
domain that will be trusted by modern desktop browsers, including some
that you might regard as untrustworthy."

BenoƮt Sibaud

More information about the Discussion mailing list