[139031] in North American Network Operators' Group


Re: The state-level attack on the SSL CA security model

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Mar 25 12:05:35 2011

To: "Akyol, Bora A" <bora@pnl.gov>
In-Reply-To: Your message of "Fri, 25 Mar 2011 08:36:12 PDT."
	<BECAED262016464A9C59788DA6AC969006B25D9FB7@EMAIL05.pnl.gov>
From: Valdis.Kletnieks@vt.edu
Date: Fri, 25 Mar 2011 12:04:59 -0400
Cc: nanog group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Fri, 25 Mar 2011 08:36:12 PDT, "Akyol, Bora A" said:
> Is it far fetched to supplement the existing system with a reputation based
>  model such as PGP? I apologize if this was discussed before.

That would be great, if you could ensure the following:

1) That Joe Sixpack actually knows enough somebodies who are trustable to sign
stuff. (If Joe doesn't know them, then it's not a web of trust, it's just the
same old CA).

2) That Joe Sixpack doesn't blindly sign stuff himself (I've had to on occasion
scrape unknown signatures off my PGP key on the keyservers, when people I've
never heard of before have signed my key "just because somebody they recognized
signed it").

The PGP model doesn't work for users who are used to clicking everything they
see, whether or not they really should...

