[Cryptography] distrusted root CA: WoSign

Georgi Guninski guninski at guninski.com
Mon Oct 3 13:35:21 EDT 2016


On Mon, Oct 03, 2016 at 02:54:45AM +0000, Peter Gutmann wrote:
> Right, and that's the standard excuse for PKI, "it's not guaranteed to do
> anything, and that's exactly what it does".  So why are we paying millions?
> billions? of dollars a year for it then?  It's pure snake oil [0].
> 
...

> [0] Again, this may be a bit of a difficult claim to substantiate, because 
>     snake oil at least claims to solve all manner of problems, while PKI 
>     just is.  As Ben rightly points out, it doesn't address phishing, it
>     doesn't address malware, it doesn't...  Perhaps we should paraphrase 
>     Pauli to say that "it's not even snake oil".

Can the people (aka sheeple) do anything to change the CA/vendor situation
(possibly screwing the CAs/vendors with a chainsaw)?

