Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Another CA Compromise: TurkTrust

Ruben Bloemgarten ruben at
Thu Jan 3 17:26:30 PST 2013


I think its about time to have CA´s be peer accredited institutes
(EFF/tor/access now/my brother´s sister´s cousin/ whoever) issuing free
or at least at cost certs. That being said, I don´t think certs are very
good at preventing mitm anyway, that might be the case if a majority of
users would have the wherewithal for a more realistic reaction than "ooh
red/green is bad/good", and even then. Love ssl, don´t really care about
certs. So yes, lets dump "trust me, I´ve been certified" in favor of
"you don´t know who I am, but only we know what we´re telling each other."

- Ruben

On 01/04/2013 02:09 AM, Nadim Kobeissi wrote:
> Another CA has been found issuing SSL certificates for Google services.
> Mozilla has acted on the
> issue:
> The weird thing is that it's starting to appear less and less crazy to
> just get rid of the CA system and replace it with… nothing. What do you
> guys think?
> NK
> --
> Unsubscribe, change to digest, or change password at:

More information about the liberationtech mailing list