(Sorry for the broken references, my MUA misplaced the e-mail I'm *actually* replying to.)
On 03/14/2019 03:08 PM, Stephan von Krawczynski wrote:
> Some facts for you, as obviously you have not understood what a CA is worth
> that is compromised by either hackers or "authorities".
> If you want to know more, read articles about closing of CA DigiNotar, like:
> https://en.wikipedia.org/wiki/DigiNotar
>
> Then read US export laws concerning security devices.
> Then judge your US-issued certs...

Out of interest, does(*) or doesn't(**) your scenario include mechanisms like HPKP?

(*) I'm not aware of any MUAs implementing one, just browsers, and it's now being phased out by *them* in favor of CT, too.

(**) If not, the question of what CAs issued any *legit* certs for you has no practical relevance on whether and which other CAs may get hacked or judicially suborned into creating a working fraudulent one. (Where "practical" means "you cannot expect the entire, possibly worldwide, user population to manually strip their clients' list of accepted CAs down to the one *you* chose".)

Regards,
--
Jochen Bern
Systemingenieur

www.binect.de
www.facebook.de/binect