Perhaps this will clue users into the fact that they need to be vigilant about monitoring the trusted roots in their browsers. Perhaps this will clue the browser vendors into the fact that there needs to be a revocation distribution method for compromised certificates. Perhaps this will clue the CAs and other trusted root holders into the fact that they need to protect their roots. Or perhaps I ask too much from an industry accustomed to doing so little. Alexandra On Mon, 30 Oct 2000, Lucky Green wrote:
Does anybody on this list have details about the key compromise Sun experienced? See http://www.securityfocus.com/bid/1851
AFIK, this is the first published private key compromise of a major vendor. How did it happen?
Thanks, -- Lucky Green <shamrock@cypherpunks.to> PGP encrypted email preferred.