by Cthulhu_ 2652 days ago
It's not about whether it compromised security; it's that they didn't adhere to standards. If you're a certificate authority, you need to conform to standards. If you're not, you SHOULD get evicted as an authority, like DigiNotar [1] was, for example.

[1] https://en.wikipedia.org/wiki/DigiNotar

1 comments

I don't think you can compare misissuing certificates, including *.google.com, to leaving one bit out of 64 marked as 0.