Date: Wed, 8 Sep 2010 22:37:33 +0200
From: Christian Sciberras <uuf6429@...il.com>
To: Tim <tim-security@...tinelchicken.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [GOATSE SECURITY] Clench: Goatse's way to say "screw you" to certificate authorities

> However, why don't we have server certificates with multiple
> independent CA signatures?

Tim, I find that concept very interesting.

Cheers,
Chris.

On Wed, Sep 8, 2010 at 10:34 PM, Tim <tim-security@...tinelchicken.org> wrote:
>> > I'd rather have a company pay some good bucks to get their hands on a
>> > highly trusted certificate than kids whose aim in life is wiping as
>> > much hard disks as possible.
>> > Which also answers why those $10-$20 assholes do a better job than
>> > the kids we all know about...
>>
>> Same. I would rather trust a large company that doesn't care about
>> anything except for my cash, instead of developing a different framework
>> that is not based around money.
>
> I think you're on to something there, in that if a company's business
> model were completely built on trust, then they would actually want to
> protect that and not give up keys to governments.
>
> However, why don't we have server certificates with multiple
> independent CA signatures? From there, browsers/clients could be
> written to be more suspicious of single-signature Sub-CAs signed by
> CAs that aren't considered as safe/trustworthy (based on whatever
> political prejudices you choose).
>
> SSL PKI won't work if it's as flexible as PGP's web of trust, but
> there's no reason it needs to be as fragile as it is now.
>
> tim
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/