Open Source and information security mailing list archives
Message-ID: <AANLkTinr9Efjvbp9RyGdjbm42EA6XGNYJuzK8xzCES4P@mail.gmail.com>
Date: Wed, 8 Sep 2010 12:57:39 -0700
From: BMF <badmotherfsckr@...il.com>
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: [GOATSE SECURITY] Clench: Goatse's way to say
 "screw you" to certificate authorities

On Wed, Sep 8, 2010 at 12:12 PM, Christian Sciberras <uuf6429@...il.com> wrote:
> Call me paranoid, but I stick to the #1 rule of never ever trusting the public.

That is what is good about WoT. You can set the policy on who to
trust. You can trust only yourself, certain people, or $BIGCORP if
that is what you want. Right now your browser by default trusts one of
over 600 different groups, some of which are governments:

http://www.slate.com/id/2265204

> I'd rather have a company pay some good bucks to get their hands on a
> highly trusted certificate than kids whose aim in life is wiping as
> many hard disks as possible.

"highly trusted"? You're joking, right?

> Which also answers why those $10-$20 assholes do a better job than
> the kids we all know about...

"kids" aren't trusted unless that is who you decide to trust.
