[Cryptography] "Trust in digital certificate ecosystem eroding"
ben at links.org
Fri May 1 18:47:48 EDT 2015
On 1 May 2015 at 23:35, Andreas Junius <andreas.junius at gmail.com> wrote:
> On 01/05/15 18:38, Ben Laurie wrote:
>> On 30 April 2015 at 23:34, Andreas Junius <andreas.junius at gmail.com>
>>> I for example know exactly that I'll never need to trust TURKTRUST,
>>> I don't know Turkish.
>> This idea is attractive, but incorrect. All CAs are empowered to issue
>> certs for all domains. Although its likely that most certs issued by
>> Turktrust are indeed for Turkish sites, it is by no means guaranteed
>> to be true for all. What's more, Turks do speak English, amazingly, so
>> even Turkish sites might be useful to English speakers.
> You may have missed my point. What I wanted to say is that there are now so
> many CA's that it is almost unmanageable. Therefore the average user stopped
> to trust these "trusted entities" altogether and "trusts" now for instance
> their browser vendor.
> That is why e.g. Mozilla has clear directions of what to follow to get into
> Firefox' trust-store.
> In other words, the user trusts a third-party to pick the right
> third-parties that we can trust...
> This is not what pkix is about and this is the problem I wanted to
> highlight. There is trust in some other entity that has no mandate
> whatsoever for this,
None of this is news. I fail to see what any of it has to do with
TURKTRUST and your knowledge of Turkish.
>to solve a problem that wasn't obvious about 20 years
> ago when the system got introduced.
I'm pretty sure this problem was obvious 20 years ago.
More information about the cryptography