nanog mailing list archives
THe Internet is Too Secure Already (was Re: Buying and selling root certificates)
From: Sean Donelan <sean () donelan com>
Date: Wed, 28 Apr 2004 23:19:48 -0400 (EDT)
On Wed, 28 Apr 2004, Steven M. Bellovin wrote:
Matt Blaze said it well: "A commercial CA will protect you from anyone from whom they won't take money."
With current SSL implementations, you have to rely on all of the commercial CAs not taking the money. Any match wins.
verification that the spoof was detected. Is this good enough? What's your threat model...?
My threat model was simple :-) I wanted to reduce the messages in my logs about certificate verification failures. I could load a few widely used CA's or I could just turn certificate verification off (the default) and the messages would stop. Eric Rescorla gave a good talk at USENIX Security last year called "The Internet is Too Secure Already" http://www.rtfm.com/TooSecure-usenix.pdf Part of his talk was the threat model mismatch on the Internet. - Excessive concern with active attacks - Taking cryptanalytic attacks too seriously - Forgetting about other threats
Current thread:
- Re: Buying and selling root certificates, (continued)
- Re: Buying and selling root certificates Scott Francis (Apr 28)
- Re: Buying and selling root certificates Iljitsch van Beijnum (Apr 29)
- Re: Buying and selling root certificates Robert M. Enger (Apr 29)
- Re: Buying and selling root certificates David Lesher (Apr 29)
- Re: Buying and selling root certificates Stephen Sprunk (Apr 29)
- Re: Buying and selling root certificates Valdis . Kletnieks (Apr 29)
- Re: Buying and selling root certificates David Lesher (Apr 29)
- Re: Buying and selling root certificates Randy Bush (Apr 28)
- Re: Buying and selling root certificates David Lesher (Apr 28)
- THe Internet is Too Secure Already (was Re: Buying and selling root certificates) Sean Donelan (Apr 28)
- Spam handling joe (Apr 28)
- Re: Spam handling Doug White (Apr 28)
- Re: Spam handling Gregh (Apr 28)
- Message not available
- Re: Spam handling Gregh (Apr 28)
- Re: Spam handling joe (Apr 28)