[Cryptography] Google distrusts Symantec for mis-issuing 30, 000 HTTPS certs
William Allen Simpson
william.allen.simpson at gmail.com
Fri Mar 24 16:40:44 EDT 2017
On 3/24/17 10:28 AM, Henry Baker wrote:
> While I applaud Google *in this instance*, what happens when Google starts doing evil?
>
As always, we'll just have to cross that bridge when we come to it.
> Why should I trust Google?
>
You shouldn't. Google is a company (now a collection of companies),
not a person. Since trust is not transitive, although I trust several
folks at Google, that doesn't mean that I blindly trust Google.
The person who caught this at Google has proven trustworthy, and
Semantic as a company has proven untrustworthy (not the first time).
> Why do I have to trust Google?
>
You don't. AFAIK, there's no reason that you cannot use another
provider of HTTPS certificate verification.
However, you know the old saying: Trust but Verify.
More information about the cryptography
mailing list