On Wed, Aug 31, 2016 at 09:33:18PM -0700, George William Herbert wrote:
On Aug 31, 2016, at 6:36 PM, Matt Palmer <mpalmer@hezmatt.org> wrote: there's just waaaay too many sites using WoSign (and StartCom) for the CAs' roots to just be pulled. Sad, but true.
Not even. Pull away.
Not going to happen. Feel free to argue otherwise in the appropriate venues, but you're tilting at windmills, IMO.
I'd be surprised if most business continuity people could even name their cert provider, and most probably don't even know how certs come to exist or that they *can* be made useless on a wide scale by the actions of, seemingly, an unrelated third party.
Not in my neck of the woods. If you have a drought of good ones in your area my consulting company calls that an opportunity...
How the hell do you get from "the world does not work that way" to "please pitch me your consulting services"? - Matt