lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Sep 2010 16:08:20 -0400 From: Larry Seltzer <larry@...ryseltzer.com> To: BMF <badmotherfsckr@...il.com>, Full Disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: [GOATSE SECURITY] Clench: Goatse's way to say "screw you" to certificate authorities It's true that conventional certs have been completely devalued by the bottom-feeders. This is a good argument for EV. Goatse may dismiss EV as a joke, but there are very few EV CAs and none of them are TELECOM MINISTRY OF BUTTFUCKISTAN. The spec requires that they authenticate the operation of the entity and include other fields about it that software can check. EV's not a good solution for everything and it's expensive because there's real work in doing what you have to do, but it would address a lot of the problems discussed here. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists