[Cryptography] Google distrusts Symantec for mis-issuing 30, 000 HTTPS certs
Henry Baker
hbaker1 at pipeline.com
Fri Mar 24 18:55:09 EDT 2017
At 01:56 PM 3/24/2017, John Levine wrote:
>>While I applaud Google *in this instance*, what happens when Google starts doing evil?
>>Why should I trust Google?
>>Why do I have to trust Google?
>
>I dunno, but if you're using the Chrome browser, you have presumably already answered those questions to your own satisfaction. If not, there are other browsers.
Perhaps my questions weren't clear.
What I really want to know is: in the evolution of the internet, how did we come to the point where I have to trust a single choke-point of failure--Google--in order to transact any business?
No, I don't think that Google is evil--at least not right this second. But I don't recall Google ever being on the ballot in any governmental election I've ever voted in, and I've voted in nearly every election that I've been eligible to vote in.
Right now, I have to trust Google to even *access* a federal or state government site.
One error (or quote-error-unquote, ahem) by Google -- like the recent one at AWS -- could disconnect me (and nearly everyone else) from every government web site, email, bank, cellphone carrier, cable company, etc.
I can't imagine that any non-US govts are pleased about this state of affairs, either.
Instead of screwing around with and/or against Russians, how's about Congress getting back to business and fixing the d*mn DNS and CERT systems?
Who gives a rat's ass about whether the Russkies played man-in-the-middle-diddle with DNC (or whether John Podesta is smarter than a 5th grader); how's about fixing the d*mn system so that the Russkies couldn't do this even if they wanted to?
More information about the cryptography
mailing list