nanog mailing list archives
Re: Buying and selling root certificates
From: "Stephen Sprunk" <stephen () sprunk org>
Date: Thu, 29 Apr 2004 00:02:44 -0500
Thus spake "Robert E. Seastrom" <rs () seastrom com>
Most of us who are willing to opportunistically do STARTTLS are using self-signed certificates anyway. We do this for many reasons; chief among the reasons I do so are: 1) More encrypted traffic running around the Internet is a _good thing_
This is an oft-overlooked angle... If only sensitive information is encrypted, then the mere use of encryption makes one a target -- one buys a safe only if they have valuables to protect, right? However, if every home came with a safe, how would burglars figure out who to rob? The feds clearly have the power to get through or around encryption suspected criminals are using: the FBI reports that there have been _zero_ cases nationwide over the past several years where the use of encryption has prevented them or other agencies from obtaining the evidence needed, even when "secure" tools like PGP, SSL, or IPsec are used. Unfortunately, one must then assume that other, less honest parties have the same success rate, and so the only defense is to make it impossible to determine _which_ traffic to decrypt and even who is talking to whom. S Stephen Sprunk "Stupid people surround themselves with smart CCIE #3723 people. Smart people surround themselves with K5SSS smart people who disagree with them." --Aaron Sorkin
Current thread:
- Buying and selling root certificates Sean Donelan (Apr 28)
- Re: Buying and selling root certificates Robert E. Seastrom (Apr 28)
- Re: Buying and selling root certificates Stephen Sprunk (Apr 28)
- Re: Buying and selling root certificates Scott Francis (Apr 28)
- Re: Buying and selling root certificates Iljitsch van Beijnum (Apr 29)
- Re: Buying and selling root certificates Robert M. Enger (Apr 29)
- Re: Buying and selling root certificates David Lesher (Apr 29)
- Re: Buying and selling root certificates Stephen Sprunk (Apr 29)
- Re: Buying and selling root certificates Valdis . Kletnieks (Apr 29)
- Re: Buying and selling root certificates David Lesher (Apr 29)
- Re: Buying and selling root certificates Stephen Sprunk (Apr 28)
- Re: Buying and selling root certificates Robert E. Seastrom (Apr 28)
- Re: Buying and selling root certificates Randy Bush (Apr 28)
- Re: Buying and selling root certificates David Lesher (Apr 28)