[Ach] You Won't Be Needing These Any More: On Removing Unused Certificates From Trust Stores

Aaron Zauner azet at azet.org
Thu Mar 20 21:03:28 CET 2014


Hi,

szebi wrote:
> Hi,
> 
> Please keep in mind, that not all of these CAs are used for TLS
> certificates. Some of these CAs issue certs for mail-signing,
> hardware-based identification, etc.!
These use-cases still do not qualify. The security concerns described
are related to HTTPS in this paper, and they extend to all other
protocols. Corporate smart card implementations might be a different
story, but then again, you've got your own X.509 infrastructure within
your company and do not rely on external CAs (or at least I would never
suggest that a customer do so - it simply does not make any sense).

Aaron
