Hell, for DOD systems on secure networks, you're *required* to remove all of the... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

count on Sept 1, 2011 | parent | context | favorite | on: Iran forged the wrong SSL certificate

Hell, for DOD systems on secure networks, you're required to remove all of the non-DOD root CAs. No DigiNotar or GoDaddy or the hundreds of others allowed.

rdl on Sept 1, 2011 [–]

DoD systems on secure networks shouldn't have IP connectivity outside DoD, though. The only issue is code signing keys for activex/java. (which really shouldn't exist on DoD secure networks either, but they've fully drunk the MS kool-aid)

count on Sept 5, 2011 | [–]

That would be in a perfect world. Unfortunately, the world is pretty messy.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact