[Cryptech Tech] The cert for cryptech.is

Rob Austein sra at hactrn.net
Sat Mar 29 17:57:51 UTC 2014


At Sat, 29 Mar 2014 18:14:24 +0100, Jakob Schlyter wrote:
> On 29 mar 2014, at 17:48, Leif Johansson <leifj at sunet.se> wrote:
> 
> > however since tlsa-support is not likely to appear any time soon
> > in browsers we are back to Joachims point: can we both sell
> > cryptech and rage against the CAs at the same time or should we
> > suck it up and buy the required bits?

It's not just rage against the CA business, wretched though it might
be.  It's handing a third party the ability to launch MITM attacks.

> or just fetch a free one from StartSSL, who is WebTrust audited.

Still a third party, although perhaps a less offensive third party.



More information about the Tech mailing list