482 points sanqui | 2 comments
danpalmer ◴[] No.42285229[source]
This is a bad look. I expected the result would be Chrome and Firefox dropping trust for this CA, but they already don't trust this CA. Arguably, Microsoft/Windows trusting a CA that the other big players choose not to trust is an even worse look for Microsoft.
justinclift ◴[] No.42286897[source]
> an even worse look for Microsoft.

Microsoft have a terrible reputation for security, which they've earned through doing stuff like this.

It's not likely to get any better any time soon either, as their trajectory is still pointed downwards.

danpalmer ◴[] No.42287058[source]
I don’t know enough to comment on that reputation, but this surprises me. They’re known for being great at serving and selling to the enterprise, frequently at the expense of end users, and big enterprises/govts care a lot about security usually. Even if much of that caring is box ticking rather than actually looking into the security (hello ISO27001), you’d expect it to result in generally a security conscious culture.
1. cassianoleal ◴[] No.42287137[source]
> Even if much of that caring is box ticking rather than actually looking into the security (hello ISO27001), you’d expect it to result in generally a security conscious culture.

If the whole value is in ticking the box, why would that develop a culture that values anything more than the tick?

2. antonvs ◴[] No.42287324[source]
The cycle usually goes something like box ticking, complacency, security scare, remediation, rinse and repeat.