[liberationtech] Another CA Compromise: TurkTrust

Collin Anderson collin at averysmallbird.com
Thu Jan 3 17:41:26 PST 2013


On Thu, Jan 3, 2013 at 5:26 PM, Ruben Bloemgarten <ruben at abubble.nl> wrote:

> "you don't know who I am, but only we know what we're telling each other."


So essentially you and Nadim are arguing that, since CAs fail some of the
time, we should get rid of the whole system and end up in the same position
-- where there is no trust in validating that the person talking to you is
actually who they say they are?

Does anyone believe that users will actually understand the difference?


On Thu, Jan 3, 2013 at 5:26 PM, Ruben Bloemgarten <ruben at abubble.nl> wrote:

> Nadim,
>
> I think it's about time to have CAs be peer accredited institutes
> (EFF/tor/access now/my brother's sister's cousin/ whoever) issuing free
> or at least at cost certs. That being said, I don't think certs are very
> good at preventing mitm anyway, that might be the case if a majority of
> users would have the wherewithal for a more realistic reaction than "ooh
> red/green is bad/good", and even then. Love ssl, don't really care about
> certs. So yes, let's dump "trust me, I've been certified" in favor of
> "you don't know who I am, but only we know what we're telling each other."
>
> - Ruben
>
> On 01/04/2013 02:09 AM, Nadim Kobeissi wrote:
> > Another CA has been found issuing SSL certificates for Google services.
> > Mozilla has acted on the issue:
> > https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
> >
> > The weird thing is that it's starting to appear less and less crazy to
> > just get rid of the CA system and replace it with… nothing. What do you
> > guys think?
> >
> > NK



-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.