Seems reasonable to me. Although it's not ideal to distrust without a "smoking gun", it is (as pointed out) inadmissible for any ties to exist between a CA and a malware company.
Seeing how a closer look by Mozilla, Google and Apple into publicly available data quickly turned up more points of suspicion, I wonder how much scrutiny is put into CAs in general, and whether it's enough. Mozilla currently lists 148 trusted certificates [0] (soon to be 145, with TrustCor's departure).
Seeing how a closer look by Mozilla, Google and Apple into publicly available data quickly turned up more points of suspicion, I wonder how much scrutiny is put into CAs in general, and whether it's enough. Mozilla currently lists 148 trusted certificates [0] (soon to be 145, with TrustCor's departure).
[0] https://ccadb-public.secure.force.com/mozilla/CACertificates...