nanog mailing list archives

RE: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)


From: Leigh Porter <leigh.porter () ukbroadband com>
Date: Mon, 12 Sep 2011 13:36:53 +0000



-----Original Message-----
From: Gregory Edigarov [mailto:greg () bestnet kharkov ua]
I.e. instead of a set of trusted CAs there will be one distributed net
of servers, that act as a cert storage?
I do not see how that could help...
Well, I do not even see how one can trust any certificate that is
issued by a commercial organization.


There should be a government body to issue certificates then ;-)

But Gregory is right, you cannot really trust anybody completely. Even the larger and more respectable commercial organisations will be unable to resist <insert intel organisation here> when they ask for dodgy certs so they can intercept something.

No, as soon as you have somebody who is not yourself in control without any third-party, verifiably independent oversight, then you have to carefully define what you mean by trust.

--
Leigh Porter

