[Cryptography] Fwd: hard to trust all those root CAs
manning
bmanning at karoshi.com
Tue Jul 22 22:21:14 EDT 2014
Begin forwarded message:
> From: manning bill <bmanning at isi.edu>
> Subject: Re: [Cryptography] hard to trust all those root CAs
> Date: July 22, 2014 at 19:14:55 PDT
> To: Sandy Harris <sandyinchina at gmail.com>
> Cc: Cryptography <cryptography at metzdowd.com>
>
> just for fun, replace “china” with “christian” and “dutch” with “jewish”
> and see if this still makes sense..
>
>
> /bill
> PO Box 12317
> Marina del Rey, CA 90295
> 310.322.8102
>
> On 22July2014Tuesday, at 8:04, Sandy Harris <sandyinchina at gmail.com> wrote:
>
>> On Sun, Jul 20, 2014 at 7:04 AM, Lodewijk andré de la porte
>> <l at odewijk.nl> wrote:
>>
>>> 2014-07-20 0:07 GMT+02:00 Jerry Leichter <leichter at lrw.com>:
>>>
>>>> The reason there are so many trusted CA's is that we can't have some
>>>> random browser maker deciding that a Chinese CA isn't trustworthy - that
>>>> violates Chinese sovereignty. (That a Chinese dissident might have very
>>>> strong feelings on this matter is just too bad.)
>>>
>>> That it's something China does not like, and doing something China does not
>>> like can be unwise, I can understand. But China's sovereignty is only
>>> affected when Chinese decide to use the violating browser. Which China can
>>> prevent, which makes it sovereign.
>>>
>>> There's some validity to the argument that you can't just not give China any
>>> root CA's. But there's no validity to the idea that it violates China's
>>> anything. If it makes me (Dutch) more secure, it should be so for me. Maybe
>>> we should introduce a separation of country and code? :P
>>
>> What about restricting the Chinese CA to signing certs in .cn and imposing
>> similar restrictions on other CAs?
>> _______________________________________________
>> The cryptography mailing list
>> cryptography at metzdowd.com
>> http://www.metzdowd.com/mailman/listinfo/cryptography
>
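
The restriction Sandy Harris proposes in the quoted message (a CA limited to signing certs in .cn, with similar limits on other CAs), sketched as an added example that is not part of the original thread: a client-side check that every DNS name in a certificate falls inside the subtree permitted for its issuing CA. The CA names, the `PERMITTED` table and the function names are hypothetical; matching is on whole-label boundaries, the rule X.509 name constraints use for DNS names (RFC 5280).

```python
# Added illustration; CA names and the PERMITTED table are hypothetical.
PERMITTED = {
    "Example CN Root CA": ["cn"],
    "Example NL Root CA": ["nl"],
    "Example Global Root CA": None,  # None = no restriction applied
}

def labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")

def in_subtree(dns_name, subtree):
    """True if dns_name equals subtree or adds whole labels to its left."""
    n, s = labels(dns_name), labels(subtree)
    if n and n[0] == "*":  # wildcard cert: judge the name below the '*'
        n = n[1:]
    # all(n) rejects empty labels such as "example..cn"
    return len(n) >= len(s) and n[-len(s):] == s and all(n)

def issuer_may_sign(issuer, dns_names):
    """Every name must fall in one of the issuer's permitted subtrees."""
    if issuer not in PERMITTED:
        return False  # unknown CA: not trusted at all
    subtrees = PERMITTED[issuer]
    if subtrees is None:
        return True
    return bool(dns_names) and all(
        any(in_subtree(name, st) for st in subtrees) for name in dns_names)

if __name__ == "__main__":
    # Constructed sample certificates: (issuer, DNS names in the cert)
    samples = [
        ("Example CN Root CA", ["www.example.cn"]),
        ("Example CN Root CA", ["example.cn", "www.example.com"]),
        ("Example CN Root CA", ["evilcn"]),  # suffix match, not a label match
        ("Example NL Root CA", ["*.example.nl"]),
    ]
    for issuer, names in samples:
        verdict = "accept" if issuer_may_sign(issuer, names) else "reject"
        print(verdict, issuer, names)
```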