24 Mar
2011
24 Mar
'11
5:39 p.m.
----- Original Message -----
From: "Roland Dobbins" <rdobbins@arbor.net> To: "nanog group" <nanog@nanog.org> Sent: Friday, 25 March, 2011 9:33:27 AM Subject: Re: The state-level attack on the SSL CA security model On Mar 24, 2011, at 6:41 PM, Florian Weimer wrote:
Disclosure devalues information.
I think this case is different, given the perception of the cert as a 'thing' to be bartered.
Isn't there any law that obliges company to disclose security breaches that involve consumer data?