Replies: 3 comments 1 reply
-
|
CRYSTALS Dilithium branch in Sample inception: |
Beta Was this translation helpful? Give feedback.
0 replies
-
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Ok so no key compromise was involved. Microsoft signed it. Attackers did not discover Microsoft's private keys. Microsoft was induced to sign root certificates it was not supposed to sign. This is not a crypto problem or key management problem, its an identity assurance problem. People who complain that proper identity assurance is too much friction so take shortcuts should learn from Microsofts's repeated mistakes. Taking shortcuts on its identity assurance before issuing a certificate/credential leads to down stream security vulnerabilities. |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Can we say Microsoft is just repeating LetsEncrypt's mistakes |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
https://us06web.zoom.us/rec/share/IYIO1rF9-VrYz55-Qsrpf33UKB7SHw0VaO3vUn65kS3TufC61o6n4VCTIXuKSJ67.ZqXFtuU6I1j2Zikr
Passcode: p%DS08Z9
Reports
keripy
did:webs
KERIA
Signify-TS
SignifyPy
CESRide
Parside
Discussion around security postures for data storage
Beta Was this translation helpful? Give feedback.
All reactions