On Mar 24, 2011, at 7:09 AM, Harald Koch wrote: > On 3/23/2011 11:05 PM, Martin Millnert wrote: >> To my surprise, I did not see a mention in this community of the >> latest proof of the complete failure of the SSL CA model to actually >> do what it is supposed to: provide security, rather than a false sense >> of security. > > This story strikes me as a success - the certs were revoked immediately, and > it took a surprisingly short amount of time for security fixes to appear all > over the place. > > <snip> > -- > Harald
I'd hardly call the fact that it required manual blacklist patches to every browser a "success". SSL is a failure if real revocation requires creating a patch for browsers and relying on users to install it. -- bk
