Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-11-24 Thread Nils Amiet via dev-security-policy
Hello Ryan, Thank you for the ongoing dialogue. We read your latest message and we understand your points. We can follow your arguments that the solution we proposed would not be viable for the overall ecosystem. It was a pleasure to have this discussion with you and we thank you for the

Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-11-18 Thread Nils Amiet via dev-security-policy
> I realize this is almost entirely critical, and I hope it's taken as critical of the proposal, not of the investment or interest in this space.

Not a problem for being critical and we don’t take it personally. We appreciate the discussion, the time you spend and the opportunity to propose

Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-11-16 Thread Nils Amiet via dev-security-policy
Hello all, My colleague André and I recently became aware of this problem and we explored a new solution to it. Please find our analysis below. For a formatted version of this message with images inline, please find it available at:

Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-11-16 Thread Nils Amiet via dev-security-policy
> Hi Nils,
>
> This is interesting, but unfortunately, doesn’t work. The 4-certificate hierarchy makes the very basic, but understandable, mistake of assuming the Root CA revoking the SICA is sufficient, but this thread already captures why it isn’t.
>
> Unfortunately, as this is key

Re: SECURITY RELEVANT FOR CAs: The curious case of the Dangerous Delegated Responder Cert

2020-11-15 Thread Nils Amiet via dev-security-policy
Hello all, My colleague Andre and I recently became aware of this problem and we explored a new solution to it. Please find our analysis below. For a formatted version of this message with images inline, please find it available at: