nanog mailing list archives

Re: The state-level attack on the SSL CA security model


From: Steven Bellovin <smb () cs columbia edu>
Date: Sat, 26 Mar 2011 13:48:27 -0400


On Mar 26, 2011, at 12:21 12AM, Franck Martin wrote:



On 3/26/11 15:36 , "Joe Sniderman" <joseph.sniderman () thoroquel org> wrote:

On 03/25/2011 11:12 PM, Steven Bellovin wrote:

On Mar 25, 2011, at 12:19 52PM, Akyol, Bora A wrote:

One could argue that you could try something like the facebook
model (or facebook itself). I can see it coming. Facebook web of
trust app ;-)

Except, of course, for the fact that people tend to have hundreds of
"friends", many of whom they don't know at all, and who achieved that
status simply by asking.  You need a much stronger notion of
interaction, to say nothing of what the malware in your "friends'"
computers is doing to simulate such interaction.

Then again there are all the "friend us for a chance to win $prize"
gimmicks... not a far jump to "friend us, _with trust bits enabled_ for
a chance to win $prize"

Yeah sounds like a wonderful idea. :P

Wasn't PGP based on a web of trust too?

Yes -- see Valdis' posting on that: http://mailman.nanog.org/pipermail/nanog/2011-March/034651.html


                --Steve Bellovin, http://www.cs.columbia.edu/~smb






