Full Disclosure mailing list archives
Re: [GOATSE SECURITY] Clench: Goatse's way to say "screw you" to certificate authorities
From: Christian Sciberras <uuf6429 () gmail com>
Date: Wed, 8 Sep 2010 21:04:33 +0200
So now it's a matter of scaling? I'd rather stay on the grounds of certificates, where scaling has been one of the primary focuses since the early 2k. In my opinion it's pretty much useless reinventing the wheel; the idea behind certificates is as much a security medium as is the party being actively recognized. Back to your implementation, you need to know who the passphrase is coming from and most importantly, you need means to verify that party. So it boils down to who's dictating who is trusted or not. You or Them. On Wed, Sep 8, 2010 at 8:53 PM, Andrew Auernheimer <gluttony () gmail com> wrote:
This is no different then installing a client certYes, exactly. This is as equally secure as installing a client cert. Except it is achieved without a client cert, using only a password, in a manner that can be more easily scaled to lots of users.Trying to not sound like a dick, dvs.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: [GOATSE SECURITY] Clench: Goatse's way to say "screw you" to certificate authorities, (continued)
- Re: [GOATSE SECURITY] Clench: Goatse's way to say "screw you" to certificate authorities BMF (Sep 08)
- Re: [GOATSE SECURITY] Clench: Goatse's way to say "screw you" to certificate authorities Christian Sciberras (Sep 08)
- Re: [GOATSE SECURITY] Clench: Goatse's way to say "screw you" to certificate authorities Harry Strongburg (Sep 08)
- Re: [GOATSE SECURITY] Clench: Goatse's way to say "screw you" to certificate authorities Tim (Sep 08)
- Re: [GOATSE SECURITY] Clench: Goatse's way to say "screw you" to certificate authorities Christian Sciberras (Sep 08)
- Re: [GOATSE SECURITY] Clench: Goatse's way to say "screw you" to certificate authorities Christian Sciberras (Sep 08)
- Re: [GOATSE SECURITY] Clench: Goatse's way to say "screw you" to certificate authorities Tim (Sep 08)
- Re: [GOATSE SECURITY] Clench: Goatse's way to say "screw you" to certificate authorities Shreyas Zare (Sep 09)