[Cryptography] Google distrusts Symantec for mis-issuing 30,000 HTTPS certs

Henry Baker hbaker1 at pipeline.com
Sat Mar 25 09:15:53 EDT 2017


At 05:33 AM 3/25/2017, Theodore Ts'o wrote:
>On Fri, Mar 24, 2017 at 03:55:09PM -0700, Henry Baker wrote:
>> 
>> Instead of screwing around with and/or against Russians, how's about
>> Congress getting back to business and fixing the d*mn DNS and CERT
>> systems?
>
>Fix them *how*?  Why don't you give a concrete proposal, which can be
>evaluated on its merits?
>
>Do you want to let US Government issue the certs?  Now we have to
>trust the US intelligence and law enforcement community not to
>secretly screw with the certification system.  Feel free to ask the
>Germans how they would feel about that.
>
>Do you want the US government to be dictating to Google and Mozilla,
>and all other browser suppliers, which certs should be trusted by
>default in the US?  See previous concern.  Also in that case, what
>stops Iran and China and Russia from dictating to browser suppliers
>what certs must be trusted by default to citizens of their country?

We're already there: Google "China", "Turkey", "North Korea", etc.

>It's really easy to complain about the current system.  But coming up
>with a better solution can often be harder.  To update a certain quote
>from the musical Hamilton (and which might also be easily applicable
>to a certain political party these days):
>
>        "Flaming is easy; Governing is harder"

The current system of Internet governance isn't working; we have
Google making sure that the world is easy for Google to surveil,
we have Apple making sure that the world is easy for Apple to
surveil, we have Microsoft making sure that the world is easy
for Microsoft to surveil, we have Mozilla making sure that the
world is easy for Netflix to surveil; where's the part that
ensures the Internet is an open place for individuals like
you and me?

There are plenty of *individuals* working for the above-
mentioned corporations who have the best of intentions,
but don't hold your breath waiting for good results from
them: they weren't hired to buck their corporate objectives.

We are but one step away from a 21st century rhyme of the
oppression of the 20th, but this time we won't need an
army of bureaucrats, apparatchiks and "Good Germans" as
enforcers -- those functions have all been automated.

The ever-efficient technocratic Chinese are showing us
the way, and Google, Apple & Microsoft have fallen over
one another to help the Chinese figure out the best and
cheapest means to enslave their citizens.

Forget "self-deportation".  The Chinese already have
self-censorship, and thanks to the above-mentioned
corporations, these tried-and-tested means will be
cut-and-pasted into the rest of the world.

Under the guise of stamping out "fake news" and
upholding the "right to be forgotten", we're getting
a Ministry of Truth to protect us snowflakes from
any unpleasant challenges to our snowflakiness.

I'm sorry if I sound like the "nerd harder"
politicians; but perhaps we need to "nerd harder",
but instead of nerding harder in the service of
Google/Apple/Facebook/Microsoft, we need to nerd
harder in the service of a free citizenry.

There have been many proposals for distributed
trust systems, but so far, they haven't gotten
much traction -- perhaps because a truly tight
system might threaten the ability of Google or
others to sell us ordinary citizens to their
advertisers, or the ability of the Chinese &
other governments to cheaply surveil their
citizens.


