[dundee] Finux on about SSL again

Kris Davidson davidson.kris at gmail.com
Sat Sep 4 23:03:52 UTC 2010


Interesting idea, presumably some things are still picking up
certificates from ca-certificates | /etc/ssl/ though not Firefox. I
debated running my own CA for a while, I used to buy certs but just
went with getting everything signed by http://www.cacert.org/.

Unless you're an e-commerce site, a bank or something else in that
area where widespread non-technical public trust is required, I don't
see the point in buying certs any more.

Okay, now onto that guy. I'm all for paranoia, and perhaps at a DEFCON
convention it's probably a good idea to do stuff like this. He just
seems to be ignoring the forest for the trees on this one. As for the
trust issue, I do think CAs and domain registrars (even ignoring the
security stuff on this one, people just mess up DNS and domain camp)
should do more vetting of customers. It costs somewhere in the region
of 10k to 50k - depending on several variables - to become a CA, I
think a process should be put in place for removing a CA if they issue
too many dodgy certificates and don't revoke them in a timely fashion.

Kris

On 4 September 2010 20:58, Arron M Finnon <finux at finux.co.uk> wrote:
> Would help if I added the link
>
> https://blog.torproject.org/blog/life-without-ca
>
> On Sat, 2010-09-04 at 20:57 +0100, Arron M Finnon wrote:
>> Sorry guys, I know I bore most of you if not all of you with my
>> incessant ranting about SSL, but I came across this post and I quite
>> like what the dude is doing.  I could very well implement this


