Message-ID: <c0b3826d164fbedaa1b01e57836fd75a@mail.gmail.com>
Date: Wed, 8 Sep 2010 16:08:20 -0400
From: Larry Seltzer <larry@...ryseltzer.com>
To: BMF <badmotherfsckr@...il.com>,
Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: [GOATSE SECURITY] Clench: Goatse's way to say "screw you" to certificate authorities

It's true that conventional certs have been completely devalued by the
bottom-feeders. This is a good argument for EV. Goatse may dismiss EV as a
joke, but there are very few EV CAs and none of them are TELECOM MINISTRY
OF BUTTFUCKISTAN. The spec requires that they authenticate the operation
of the entity and include other fields about it that software can check.
EV's not a good solution for everything and it's expensive because there's
real work in doing what you have to do, but it would address a lot of the
problems discussed here.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/