On Mar 24, 2011, at 2:44 PM, George Herbert wrote: > On Thu, Mar 24, 2011 at 2:39 PM, Franck Martin <fra...@genius.com> wrote: >> >> >> ----- Original Message ----- >>> From: "Roland Dobbins" <rdobb...@arbor.net> >>> To: "nanog group" <nanog@nanog.org> >>> Sent: Friday, 25 March, 2011 9:33:27 AM >>> Subject: Re: The state-level attack on the SSL CA security model >>> On Mar 24, 2011, at 6:41 PM, Florian Weimer wrote: >>> >>>> Disclosure devalues information. >>> >>> >>> I think this case is different, given the perception of the cert as a >>> 'thing' to be bartered. >>> >> >> Isn't there any law that obliges company to disclose security breaches that >> involve consumer data? > > I don't think SSL certs are consumer data, per se. > No, but, a weak SSL cert in use by your company could disclose consumer data due to its weakness.
Owen
