nanog mailing list archives

Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

From: Valdis.Kletnieks () vt edu
Date: Mon, 12 Sep 2011 16:41:03 -0400

On Mon, 12 Sep 2011 22:31:59 +0200, Måns Nilsson said:

Since you are from Sweden, and in an IT job, you probably have personal
relations to someone who has personal relations to one of the swedes
or other nationalities that were present at the key ceremonies for the
root. Once you've established that the signatures on the root KSK are good
(which -- because of the above -- should be doable OOB quite easily for
you) you can start validating the entire chain of trust.

Quite trivial, in fact.


I'll note that the PGP "strongly connected set" has grown all the way to 45,000
or so keys in 2 decades of growth.  There are several billion Internet users. What
may be workable for Fredrik is probably *not* scalable to Joe Sixpack.

Attachment: _bin
Description:

Current thread:

Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates, (continued)
- - - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Bjørn Mork (Sep 11)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Joel jaeggli (Sep 11)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates sthaug (Sep 11)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Martin Millnert (Sep 12)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates Damian Menscher (Sep 12)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Joe Greco (Sep 11)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Marcus Reid (Sep 11)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Valdis . Kletnieks (Sep 12)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases fredrik danerklint (Sep 12)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Måns Nilsson (Sep 12)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Valdis . Kletnieks (Sep 12)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases fredrik danerklint (Sep 12)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Måns Nilsson (Sep 12)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Tony Finch (Sep 12)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases fredrik danerklint (Sep 12)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Tei (Sep 13)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Chris Adams (Sep 13)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Brett Frankenberger (Sep 13)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Chris Adams (Sep 13)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Peter Kristolaitis (Sep 13)
    - Re: Microsoft deems all DigiNotar certificates untrustworthy, releases David Israel (Sep 13)

(Thread continues...)