Security by asking the drunk whether he's drunk

Peter Gutmann pgut001 at
Fri Dec 26 02:39:50 EST 2008

dan at writes:

>I'm hoping this is just a single instance but it makes you remember that the
>browser pre-trusted certificate authorities really needs to be cleaned up.

Given the more or less complete failure of commercial PKI for both SSL web 
browsing and code-signing (as evidenced by the multibillion-dollar cybercrime 
industry freely doing all the things that SSL certs and code-signing were 
supposed to prevent them from doing), it's not so much "cleaned up" as 
"replaced with something that may actually work".  Adding support for a 
service like Perspectives (discussed here a month or two back) would be a good 
start since it provides some of the assurance that a commercial PKI can't (and 
as an additional benefit it also works for SSH servers, since it's not built 
around certificates).

So, when will Google add Perspectives support to their search database? :-).


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list