Security by asking the drunk whether he's drunk
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Dec 26 02:39:50 EST 2008

dan at geer.org writes:

>I'm hoping this is just a single instance but it makes you remember that the
>browser pre-trusted certificate authorities really needs to be cleaned up.

Given the more or less complete failure of commercial PKI for both SSL web
browsing and code-signing (as evidenced by the multibillion-dollar cybercrime
industry freely doing all the things that SSL certs and code-signing were
supposed to prevent them from doing), it's not so much "cleaned up" as
"replaced with something that may actually work". Adding support for a
service like Perspectives (discussed here a month or two back) would be a good
start since it provides some of the assurance that a commercial PKI can't (and
as an additional benefit it also works for SSH servers, since it's not built
around certificates).

So, when will Google add Perspectives support to their search database? :-).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com