[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] Chrome & Firefox protecting users against Symantec (Thawte, Verisign, Equifax, Geotrust, RapidSSL, etc) certs.

>    (Side question:  Why the heck did Symantec think it needed so many
>    different names?  When I see other companies playing shell games like
>    that my first thought is money laundering.)
Because they bought other CA’s, who had previously in turn acquired yet another CA’s.  The root keys are identified in a number of ways – name, key-hash, etc – and often embedded in systems that cannot be easily modified, if at all.

So while it might be nice to ‘clean up’ the naming tree and consolidate it, there are reasons to not do so and the strongest reason in favor is really little more than nerd aesthetics.


The cryptography mailing list
cryptography AT metzdowd.com