(In reply to comment #84)
> Hey Doktor - the operation was successful - the patient died? This is actually
> not what we want. Don't kill the patient, root out the source of the problem.
> Or yank the root.
Understandable, given that issuing certs is one of your company's businesses. :-) However, I have to go with The H Security:
<snip>
The incident is further proof that the entire concept of SSL and of users' trust in the Certificate Authorities are standing on feet of clay. After all, a certificate is also considered trustworthy even if it is issued by a CA reseller based in a country to which users probably wouldn't even go on holiday for security reasons. And the promised technologies don't even work when a compromised certificate is made public. It is time to come up with a new concept – and "EV-SSL" certificates, at least, should not be a part of it.
</snip>
http://www.h-online.com/security/news/item/SSL-meltdown-forces-browser-developers-to-update-1213358.html
> As such why is bug 642395 restricted?
Security by obscurity? :P Someone should unlock it promptly, gets ridiculous.