nanog mailing list archives
Re: The state-level attack on the SSL CA security model
From: Martin Millnert <millnert () gmail com>
Date: Fri, 25 Mar 2011 13:53:35 -0400
On Fri, Mar 25, 2011 at 12:19 PM, Akyol, Bora A <bora () pnl gov> wrote:
One could argue that you could try something like the facebook model (or facebook itself). I can see it coming. Facebook web of trust app ;-)
Indeed not very unreasonable at all, except a) it would be kind of unfortunate if Facebook would not make the data available under adequate conditions, b) Facebook can already infer the level of relationships between people based on a whole lot of their other data (it's kind of what makes them spin).

I agree in seeing it coming though: "Web-of-trust 2.0".

soBGP takes on a similar approach to securing BGP. Not a bad idea at all at first sight, IMHO. Does anyone know why it died out and why other (perhaps poorer) ideas are floating around now?
http://tools.ietf.org/html/draft-white-sobgp-architecture-02

Regards,
Martin
-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
Sent: Friday, March 25, 2011 9:05 AM
To: Akyol, Bora A
Cc: Dobbins, Roland; nanog group
Subject: Re: The state-level attack on the SSL CA security model

On Fri, 25 Mar 2011 08:36:12 PDT, "Akyol, Bora A" said:
Is it far-fetched to supplement the existing system with a reputation-based model such as PGP? I apologize if this was discussed before.

That would be great, if you could ensure the following:

1) That Joe Sixpack actually knows enough somebodies who are trustable to sign stuff. (If Joe doesn't know them, then it's not a web of trust, it's just the same old CA.)

2) That Joe Sixpack doesn't blindly sign stuff himself (I've had to on occasion scrape unknown signatures off my PGP key on the keyservers, when people I've never heard of before have signed my key "just because somebody they recognized signed it").

The PGP model doesn't work for users who are used to clicking everything they see, whether or not they really should...
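Valdis's two conditions map directly onto how the classic PGP/GnuPG trust model computes key validity: a signature on a key counts only if the signer's own key is already valid in your keyring and you have personally assigned that signer certification ("owner") trust. Signatures from people you have never heard of therefore contribute nothing, which is his point 1. The block below is an added illustration written for this page, not code from the thread or from GnuPG itself; the keyring, the names (joe, alice, bob, carol, dave, the "stranger" keys, "mallory") and the scenario are constructed, and the thresholds (one fully trusted signature or three marginal ones, certification depth at most five) are GnuPG's classic defaults.

```python
"""Toy model of the classic PGP/GnuPG web-of-trust validity computation.

Constructed example (not GnuPG code): the thresholds below are GnuPG's
classic defaults; the keyring and names are made up for illustration.
"""
from dataclasses import dataclass, field

UNKNOWN, MARGINAL, FULL, ULTIMATE = "unknown", "marginal", "full", "ultimate"

COMPLETES_NEEDED = 1   # GnuPG --completes-needed default
MARGINALS_NEEDED = 3   # GnuPG --marginals-needed default
MAX_CERT_DEPTH = 5     # GnuPG --max-cert-depth default


@dataclass
class Keyring:
    # owner_trust: how far *the keyring owner* trusts each key holder to
    # certify other keys. A local, manual decision; no signature can set it.
    owner_trust: dict
    # signatures: key id -> set of key ids that have certified (signed) it
    signatures: dict = field(default_factory=dict)

    def sign(self, signer: str, target: str) -> None:
        self.signatures.setdefault(target, set()).add(signer)

    def certifying_weight(self, signer: str, valid: set) -> str:
        """A signature counts only if the signer's key is already valid
        *and* the owner has given the signer certification trust."""
        if signer not in valid:
            return UNKNOWN
        trust = self.owner_trust.get(signer, UNKNOWN)
        return FULL if trust in (FULL, ULTIMATE) else trust

    def valid_keys(self) -> set:
        """Start from ultimately trusted keys (our own) and extend validity
        one certification hop per round, up to MAX_CERT_DEPTH rounds."""
        valid = {k for k, t in self.owner_trust.items() if t == ULTIMATE}
        for _ in range(MAX_CERT_DEPTH):
            newly_valid = set()
            for key, signers in self.signatures.items():
                if key in valid:
                    continue
                weights = [self.certifying_weight(s, valid) for s in signers]
                if (weights.count(FULL) >= COMPLETES_NEEDED
                        or weights.count(MARGINAL) >= MARGINALS_NEEDED):
                    newly_valid.add(key)
            if not newly_valid:
                break
            valid |= newly_valid
        return valid


def build_example_keyring() -> Keyring:
    """Constructed scenario: Joe knows alice well (full) and bob, carol and
    dave a little (marginal). He has never heard of the 'stranger' keys."""
    kr = Keyring(owner_trust={
        "joe": ULTIMATE,
        "alice": FULL,
        "bob": MARGINAL, "carol": MARGINAL, "dave": MARGINAL,
    })
    for friend in ("alice", "bob", "carol", "dave"):
        kr.sign("joe", friend)                 # Joe certifies people he met
    kr.sign("alice", "bank")                   # one full signer -> valid
    kr.sign("bob", "shop")
    kr.sign("carol", "shop")                   # only two marginals -> not valid
    for m in ("bob", "carol", "dave"):
        kr.sign(m, "club")                     # three marginals -> valid
    # Strangers' keys are even certified by alice, so they are *valid*, but
    # Joe never assigned them owner trust: their signatures carry no weight.
    for s in ("stranger1", "stranger2", "stranger3"):
        kr.sign("alice", s)
        kr.sign(s, "mallory")
    return kr


def classify(kr: Keyring) -> dict:
    """Map a few keys of interest to whether the ring considers them valid."""
    valid = kr.valid_keys()
    return {k: (k in valid) for k in ("bank", "shop", "club", "mallory", "stranger1")}


if __name__ == "__main__":
    for key, ok in classify(build_example_keyring()).items():
        print(f"{key:10s} {'valid' if ok else 'NOT valid'}")
```

Note the asymmetry the model enforces: "stranger1" becomes a valid key (alice vouched for it), yet "mallory", signed by all three strangers, does not, because validity of a key and trust in its holder as a certifier are separate decisions and only Joe can make the second one. Valdis's point 2 is the mirror image: if Joe blindly signs keys, anyone who has assigned Joe owner trust inherits those keys as valid in their own ring, which is why strangers' signatures ended up on his key in the first place.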