nanog mailing list archives

Re: The state-level attack on the SSL CA security model

From: Valdis.Kletnieks () vt edu
Date: Fri, 25 Mar 2011 12:04:59 -0400

On Fri, 25 Mar 2011 08:36:12 PDT, "Akyol, Bora A" said:

Is it far fetched to supplement the existing system with a reputation based
 model such as PGP? I apologize if this was discussed before.


That would be great, if you could ensure the following:

1) That Joe Sixpack actually knows enough somebodies who are trustable to sign
stuff. (If Joe doesn't know them, then it's not a web of trust, it's just the
same old CA).

2) That Joe Sixpack doesn't blindly sign stuff himself (I've had to on occasion
scrape unknown signatures off my PGP key on the keyservers, when people I've
never heard of before have signed my key "just because somebody they recognized
signed it").

The PGP model doesn't work for users who are used to clicking everything they
see, whether or not they really should...

Attachment: _bin
Description:

Current thread:

Re: The state-level attack on the SSL CA security model, (continued)
- - - Re: The state-level attack on the SSL CA security model Franck Martin (Mar 24)
    - Re: The state-level attack on the SSL CA security model George Herbert (Mar 24)
    - Re: The state-level attack on the SSL CA security model Joakim Aronius (Mar 25)
    - Re: The state-level attack on the SSL CA security model Owen DeLong (Mar 25)
    - Re: The state-level attack on the SSL CA security model Florian Weimer (Mar 25)
    - Re: The state-level attack on the SSL CA security model Dobbins, Roland (Mar 25)
    - Re: The state-level attack on the SSL CA security model Crist Clark (Mar 28)
    - Re: The state-level attack on the SSL CA security model Florian Weimer (Mar 29)
    - Re: The state-level attack on the SSL CA security model Crist Clark (Mar 29)
    - RE: The state-level attack on the SSL CA security model Akyol, Bora A (Mar 25)
    - Re: The state-level attack on the SSL CA security model Valdis . Kletnieks (Mar 25)
    - RE: The state-level attack on the SSL CA security model Akyol, Bora A (Mar 25)
    - Re: The state-level attack on the SSL CA security model Dorn Hetzel (Mar 25)
    - RE: The state-level attack on the SSL CA security model Akyol, Bora A (Mar 25)
    - Re: The state-level attack on the SSL CA security model Valdis . Kletnieks (Mar 25)
    - Re: The state-level attack on the SSL CA security model Ariel Biener (Mar 26)
    - Re: The state-level attack on the SSL CA security model Martin Millnert (Mar 25)
    - Re: The state-level attack on the SSL CA security model Steven Bellovin (Mar 25)
    - Re: The state-level attack on the SSL CA security model Joe Sniderman (Mar 25)
    - Re: The state-level attack on the SSL CA security model Franck Martin (Mar 25)
    - Re: The state-level attack on the SSL CA security model Steven Bellovin (Mar 26)

(Thread continues...)