[Cryptography] Is it time for a revolution to replace TLS?
grarpamp
grarpamp at gmail.com
Tue May 13 20:08:57 EDT 2014
> 1) There is a connection between these three threads. It seems
> to me that 6845 forged certificates is 6845 too many. It is proof
> that TLS has failed in its primary mission.

Err, that X.509 has failed as implemented in the 'global' CA model.
There never was the 'one true CA' [1], housed at ARIN or the UN
or some such, from which all downstream CAs [revocably] spawn.
It's really just who pays and docs up enough to be put in NSS as a
commercial competitor. And that only covers rogue / counter CPS
CAs, not all the click-to-accept MITM stuff outside of that.

[1] It would be interesting to research the very first NSS CA entries
such as with Navigator or with MS browser 15+ years ago. And any
divergence from early acceptance/hierarchy models.