On 12/08/2011 01:44 PM, Erwann ABALEA wrote:
> How did you come to write that the software used by VeriSign and most CAs
> is based on OpenSSL and a few graphical front-ends such as TinyCA, without
> any expensive hardware?
I beg your pardon, I was clearly factually wrong there, but i think
you've missed the point of what i was trying to say. The point there
was that the hardware or software to run a CA doesn't need
to be expensive or exclusive. i shouldn't have claimed that you didn't
spend a lot of money on your particular implementation. i've just
fixed the article.
Thanks for the correction!
> The fact that DigiNotar, and now KPN have proven to be bad actors doesn't
> mean that all of the others are as bad.
For the record, i don't consider using publicly-auditable, no-cost, free
software to equate to being a "bad actor" (which is not to say that your
competitors are not bad actors in other ways).
The problem is that if any one of your competitors is a bad actor, all
your policy compliance is meaningless for your relying parties, since
they're relying on your competitors as well. :(
--dkg
