nanog mailing list archives

Re: Microsoft deems all DigiNotar certificates untrustworthy, releases


From: Måns Nilsson <mansaxel () besserwisser org>
Date: Mon, 12 Sep 2011 23:03:36 +0200

Subject: Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Date: Mon, Sep 12, 2011 at 10:42:35PM +0200 Quoting fredrik danerklint (fredan-nanog () fredan se):

Quite trivial, in fact.

and how about an end user, who doesn't understand a computer at all, to be able 
to verify the signatures, correctly?

Joe Sixpack clicks through today. He will, too, later, but, one of
the Fine Things with DANE is that no entity can produce valid data for
anything outside its own domain(s). Damage limitation is quite important,
while admittedly not being the silver bullet.

The existence of a free and secure chain of trust will put a price
pressure on DV certificates, which just might create a situation where
the marginal cost for doing TLS is so low that it is hard to set up a
web site without.

Taken together, this creates a situation where valid, verified
certificates are the norm, for real, which makes it all the more possible
to flag the exceptions much more annoyingly. Perhaps even refuse to
open them.
-- 
Måns Nilsson     primary/secondary/besserwisser/machina
MN-1334-RIPE                             +46 705 989668
... this must be what it's like to be a COLLEGE GRADUATE!!
