by kwccoin 2601 days ago
Do they follow basic PKI best practice? Do they actually know (not after the fact) the certification path validation algorithm? It shall be auto.

Does Firefox use the normal PKI authentication mechanism? Their reaction is like this is a surprise and even signing intermediate cert as the first step and instead of talking about bypass or hack the whole PKI trust chain.

Based on some of the comments here, I think one has to understand that it is not just timestamp and validity. The checking of PKI is per transaction and on a continuous basis. It is NOT just based on signing but also based on CRL (cert. revocation list) which is also key.

I read the blog a few times. I feel frightened, not enlightened. It seems they are not on the ball. A minor mistake (forgetting to renew a cert. like O2 (not sure but heard same issue)) shed a lot of light on issues.

Do they have CPS even ... :-) or :-(((