On Mon, 12 Sep 2011 07:53:57 -0700 Michael Thomas <mike@mtcc.com> wrote:
Randy Bush wrote:
But Gregory is right, you cannot really trust anybody completely. Even the larger and more respectable commercial organisations will be unable to resist <insert intel organisation here> when they ask for dodgy certs so they can intercept something..
No, as soon as you have somebody who is not yourself in control without any third party verifiably independent oversight then you have to carefully define what you mean by trust.
i am having trouble with all this. i am supposed to only trust myself to identify citibank's web site? and what to i smoke to get that knowledge? let's get real here.
with dane, i trust whoever runs dns for citibank to identify the cert for citibank. this seems much more reasonable than other approaches, though i admit to not having dived deeply into them all.
It seems to me that this depends a lot on how much you can tolerate single points of failure. The current de-trusting is certainly going to cause trouble for whoever used that CA, but the internet didn't roll over and die either. If the root DNS keys were compromised in an all DNS rooted world... unhappiness would ensue in great volume.
Mike, poison and choices...
let me state clearly what am I writing about: ok, suppose, there is a site on the internet, that has a certificate issued by one of the major CAs. how could one know, that certificate wasn't issued to forged identity?