On 02/03/2012 11:47 PM, Phillip Hallam-Baker wrote:
> Some weeks ago, Google announced a change in their CA root
> requirements prohibiting this type of cert.
>
> Clearly the ability to observe defaults and non compliance in the
> provision of CA services has great value. The EFF observatory and the
> Google CA restriction mechanism have helped identify two cases that
> had not previously come to light.
>
> Besides the obvious risks, what on earth possessed people to go and
> buy what amounts to a universal lock pick for any financial site on
> the net? Didn't they give any thought to the risks they were exposing
> their own staff to?
>

The architecture.

All the best,
Jacob
