[Cryptography] distrusted root CA: WoSign

Stephen Farrell stephen.farrell at cs.tcd.ie
Mon Oct 3 20:58:24 EDT 2016
On 04/10/16 00:54, Peter Gutmann wrote:
> Stephen Farrell <stephen.farrell at cs.tcd.ie> writes:
> 
>> I'm biased, but though EFF do fantastic work, I don't think they're that open
>> in the sense most relevant here. That said, I think either your or Rich's
>> postulated futures would be better than the status quo - which of those would
>> be the "betterest" is probably moot however.
> 
> Yeah, the EFF was just the first thing that came to mind.  I realise it's a
> bit of a gedanken experiment, but this is one situation where the "open"
> process (anyone can join, so the vested interests are most strongly motivated
> to do so) actually works against you.  

Well, fwiw, I disagree. Vested interests, when they exist and have
money, will find a way to vest their interests. Being open to all
comers and accountable is a good (maybe best?) defence against that,
at the exact same time as that openness makes one very clearly
vulnerable to that exact same threat. (Less obviously vulnerable
is not in itself desirable I think.)

But that kind of openness doesn't require such venerable (though
still IMO fine) things as an IETF. A well setup open-source effort
can do just as well if there aren't too many interested parties.
(Once there are, it'd evolve to become an IETF-like thing anyway
given some time and the typical personality-types involved in
this kind of thing;-)

> You'd need something in the style of
> the committee/board often set up by governments to discuss public-interest
> issues with a fixed number of representatives of each segment on it.  I'm sure
> this isn't the first time this problem has had to be solved in the field of
> politics...

Yuk. I remember how the ABA and various electronic signature
laws made PKI even worse. I really don't think we want to add
more non-repudiation bits or similar. Adding lawyers for fun is
not any part of an answer here. Subtracting some may be a start.

But... we may be wandering off-topic for this list maybe.

S.


> 
> Peter.
> 
