Currently browsing tag


X.509 certs are less secure than you might think

This post is prompted by T.Rob's recent post "We’re gonna need a bigger crowd" where, among other things, he talks about X.509 certificate security. I agree with the core point of his post – crowd-sourcing is ineffective for highly specialized subjects – but this X.509 subject keeps coming up. It is one of the rare…