sks-devel

Re: [Sks-devel] keyserver.cns.vt.edu updates


From: Matthew Palmer
Subject: Re: [Sks-devel] keyserver.cns.vt.edu updates
Date: Fri, 14 Oct 2011 21:22:48 +1100
User-agent: Mutt/1.5.20 (2009-06-14)

On Fri, Oct 14, 2011 at 02:42:39AM -0400, Robert J. Hansen wrote:
> On 10/14/2011 1:39 AM, oakwhiz wrote:
> > In my opinion, you're better off with a self-signed certificate,
> > because you cannot trust the certificate authorities not to sign a
> > fake certificate for use in a man-in-the-middle attack.
> 
> Although there are certainly some unreliable CAs (Diginotar as an
> obvious example), I think it's a leap to go from that to saying there
> exist *no* reliable CAs.

We're getting a bit off-topic here, but the problem is that it only takes
one unreliable-but-widely-trusted CA to sign a cert for your site and you're
just as hosed as if there *aren't* any reliable CAs.  If, on the other hand,
you *can* tie down trust to a single CA certificate (say you're running a
closed system with known clients), then you can just create and use your own
local CA, and avoid the whole commercial CA scam to begin with.

- Matt
