[tptacek]

It would be a "classic reverse buyout" if DigiCert was going to continue to operate the Symantec CA infrastructure. If it is not, then Google and Mozilla will have accomplished their most important objective, which is the elimination of insecure certificate issuers in current operation.

You clearly have other objectives you would like Google and Mozilla to accomplish for you, and I probably agree with many of them, but let's try to stay focused here.

[justinjlynn]

And now the same people who made that shitty infrastructure will control a large chunk of the business that created what was once (probably) a perfectly good one -- and likely make the same shit decisions that made their old one shit as well making digicerts' infrastructure worse, and eventually probably shit as well.

[tptacek]

I'm pretty sure the Symantec CA people aren't coming along or taking over Digicert.

[justinjlynn]

With 30% control, you can bet there are Symantec CA business people coming into Digicert.

[tptacek]

Would you like to make that bet more explicit? I would be game.

[justinjlynn]

Sure. How would we judge it though?

[tptacek]

Lay out the scenario, in as much detail as you can, where employees of Symantec brought over to DigiCert somehow corrupt the certificate issuance process. If it's specific enough, I'll take your money over it (I assume proceeds to charity; mine's Partners In Health).