>Researchers at Indiana University opine that CA-issuers may be co-opted and
>coerced to improperly issue SSL certificates.
>Has SSL become pointless? Researchers suspect state-sponsored CA forgery
>http://www.betanews.com/article/Has-...s-Researchers-suspect-statesponsored-CA-forgery/1269551694
>Original paper here:
>Certified Lies: Detecting and Defeating Government
>Interception Attacks Against SSL
>http://files.cloudprivacy.net/ssl-mitm.pdf
This was very interesting. And I don't doubt that the government
might be pressuring the cert companies to issue bogus certs.
I loved the statement:
'Other contributors agreed there may not be due cause to withdraw
CNNIC (China cert authority) from Firefox's root store, until
specific evidence of claims such as this one emerges.'
Do they actually think that dead men are going to be able to
make claims?