On Fri, Apr 01, 2011 at 10:24:35PM +0100, István wrote: > > You're probably not aware (owing to your arrogance) that at least some of > > the CAs which ship as part of the Mozilla bundle have been known to issue > > fraudulent certificates in the past, even the past few weeks. > > > > once there was a remote root in freebsd kernel, so I have just stopped using > it > > (sometimes I wish I did....)
It is worth noting that there is a difference between, on one hand, using software and discovering a bug exists in it that may not even have possibly affected you -- and, on the other, taking some faceless third party's assurances on issues of cryptographic trust and discovering that refusing to take responsibility for your own decisions about trust has placed your security at the mercy of untrustworthy people. -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]
pgp8amjKk7ZI0.pgp
Description: PGP signature
