[145483] in cryptography@c2.net mail archive
Re: A mighty fortress is our PKI, Part II
daemon@ATHENA.MIT.EDU (Paul Tiemann)
Wed Jul 28 18:56:54 2010
From: Paul Tiemann <paul.tiemann.usenet@gmail.com>
In-Reply-To: <20100728123701.168d0769@jabberwock.cb.piermont.com>
Date: Wed, 28 Jul 2010 15:30:08 -0600
Cc: Nicolas Williams <Nicolas.Williams@oracle.com>,
cryptography@metzdowd.com
To: Perry E. Metzger <perry@piermont.com>
On Jul 28, 2010, at 10:37 AM, Perry E. Metzger wrote:
> As to OCSP being a reasonable solution because it can be deployed
> easily, it clearly will not solve the browser security problem. So
> long as security depends on reliance on the lowest common denominator
> among the policies of hundreds of CAs, many of which are quite
> questionable, and so long as the certifications made by even the best
> of those CAs are effectively meaningless, and so long as the users are
> well trained to ignore every browser warning they ever get, the entire
> question of OCSP is somewhat irrelevant -- it would just be a way of
> spritzing the skunk with eau de cologne.
>
> I fully recognize that the odds we will fix the browser security
> problem are very low, if only because no one can deploy a truly new
> solution in a world where we can't even get IE 6 to die.
>
> However, in discussing this at a high level, as though we could
> improve things, we shouldn't kid ourselves about the current model. It
> is fatally broken. Hanging garlands from the corpse's ears will not
> convince anyone that it has a vibrant future ahead.
"it will CLEARLY not solve the browser security problem."
"the certifications made by even the best of those CAs are effectively MEANINGLESS"
"the users are well trained to ignore EVERY browser warning they EVER get"
"the ENTIRE question of OCSP is somewhat irrelevant."
"spritzing the SKUNK with eau de cologne."
"hanging garlands from the corpse's ears."
That's all expressed in very certain terms.
Is OCSP _that_ hopeless?
You were kind enough to suggest Orwell to Jay at Edgecast (and possibly
also to me.) I read it, liked it, and I'm glad you sent it. I
sincerely think we can all learn from these two references:
A great essay by Neil Postman:
http://criticalsnips.wordpress.com/2007/07/22/neil-postman-bullshit-and-the-art-of-crap-detection/
And Ben Franklin's advice, with one paragraph excerpted below:
http://grammar.about.com/b/2009/06/01/how-to-argue-like-ben-franklin-and-lieutenant-columbo.htm
And as the chief Ends of Conversation are to inform or to be informed,
to please or to persuade, I wish well-meaning sensible men would not
lessen their Power of doing Good by a Positive assuming Manner that
seldom fails to disgust, tends to create Opposition, and to defeat every
one of those Purposes for which Speech was given to us, to wit, giving
or receiving Information or Pleasure: For If you would inform, a
positive dogmatical Manner in advancing your Sentiments, may provoke
Contradiction & prevent a candid Attention. If you wish Information and
Improvement from the Knowledge of others and yet at the same time
express your self as firmly fix'd in your present Opinions, modest
sensible Men, who do not love Disputation, will probably leave you
undisturb'd in the Possession of your Error; and by such a Manner you
can seldom hope to recommend your self in pleasing your Hearers, or to
persuade those whose Concurrence you desire.
(Part One of The Autobiography of Benjamin Franklin, 1793; from The
Library of America edition of Benjamin Franklin: Writings, 1987)
All the best,
Paul Tiemann
(DigiCert)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com