Not long ago, I noted about the InCommon mess. It is worth repeating that it is certainly not something that was “done carefully”. Last Friday, after quitting time, I got an email from Sectigo—the CA InCommon is migrating away from—that reads, amongst other things:
As schools plan their response to InCommon’s forced migration, many are taking a moment to do their due diligence before locking into a long-term commitment.
This isn’t just a vendor swap, it’s a change in Certificate Authority and backend, which can have lasting operational impact. Changing CAs and backends is not the simplest path forward.
Does that sounds like there is no war at Ba Sing Se?
cryptography rants work