[Cryptography] Google distrusts Symantec for mis-issuing 30,000 HTTPS certs

Theodore Ts'o tytso at mit.edu
Sat Mar 25 08:33:08 EDT 2017


On Fri, Mar 24, 2017 at 03:55:09PM -0700, Henry Baker wrote:
> 
> Instead of screwing around with and/or against Russians, how's about
> Congress getting back to business and fixing the d*mn DNS and CERT
> systems?

Fix them *how*?  Why don't you give a concrete proposal, which can be
evaluated on its merits?

Do you want to let US Government issue the certs?  Now we have to
trust the US intelligence and law enforcement community not to
secretly screw with the certification system.  Feel free to ask the
Germans how they would feel about that.

Do you want the US government to be dictating to Google and Mozilla,
and all other browser suppliers, which certs should be trusted by
default in the US?  See previous concern.  Also in that case, what
stops Iran and China and Russia from dictating to browser suppliers
what certs must be trusted by default to citizens of their country?

It's really easy to complain about the current system.  But coming up
with a better solution can often be harder.  To update a certain quote
from the musical Hamilton (and which might also be easily applicable
to a certain political party these days):

	"Flaming is easy; Governing is harder"

Cheers,

						- Ted

