On Fri, Sep 26, 2014 at 06:52:34PM -0700, Greg wrote: > This the other question you asked: > > > And if I find out that's the case, would people care about little old me > > enough to burn a CA such as Comodo? > > > I think it depends on the situation, and the frequency with which > "malfunctions" occur. > > If malfunctions occur to "little old me"'s infrequently, I suspect little > will be done. > > When I detected what was most likely a MITM attack on me, and provided > evidence of it [1], nothing was done. > > [1] https://twitter.com/taoeffect/status/463378963901849600
"What happens now" is key here, but first -- It's hard to say if it was a MITM attack due to multiple moving parts, and certificate revocation being another wrench thrown in, but I'd still feel pretty creeped out if that was me. I used to use Cert Patrol and I'd get a warning whenever a cert changed, so I don't know why you weren't notified. It doesn't look good. But as for the question of what now, past experience is the best predictor. That nothing was done in your case is totally expected. No web browser wants to be the one that loses 25% of TLS sites (and thus how many users?) by burning a major CA. And it simply wouldn't happen even if all browser makers agreed/colluded to drop the CA together. For an especially egregious breach, a small CA could be burned, and this has happened before. But the beauty of it is that there are so many CAs for attackers to choose from! CT would allow the game to continue while maybe changing the details a little. Nicolai _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
