[Cryptography] Introducing the phone-directory certificate

Watson Ladd watsonbladd at gmail.com
Thu Sep 3 19:31:25 EDT 2015


On Thu, Sep 3, 2015 at 1:58 PM, Salz, Rich <rsalz at akamai.com> wrote:
>> I'd like to propose a new name, the phone-directory certificate.
>
> That's a good name.
>
>>  It's reassuring to note that a single certificate is capable of reliably
>> vouching for, well, half the planet.
>
> Only the half that Google owns.  Perhaps of more concern would be those deployed by various CDNs (no names), that include a whole bunch of unrelated organizations.

What exactly is an X509 certificate, that enables it to "vouch", and
what does it actually mean? The answer of course is that whatever
entity appears in the certificate desires that this server be
recognized as controlled by it. A great deal of complexity in X509
like policy mapping was meant to support something more, with no
understanding of how useless it would be.

>         /r$
>



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.

