[139033] in North American Network Operators' Group


Re: The state-level attack on the SSL CA security model

daemon@ATHENA.MIT.EDU (Dorn Hetzel)
Fri Mar 25 12:24:24 2011

In-Reply-To: <BECAED262016464A9C59788DA6AC969006B25D9FD1@EMAIL05.pnl.gov>
Date: Fri, 25 Mar 2011 12:24:20 -0400
From: Dorn Hetzel <dorn@hetzel.org>
To: "Akyol, Bora A" <bora@pnl.gov>
Cc: nanog group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Not entirely unreasonable.  A button for "friend" and then one for "trusted
friend" :)

On Fri, Mar 25, 2011 at 12:19 PM, Akyol, Bora A <bora@pnl.gov> wrote:

> One could argue that you could try something like the Facebook model (or
> Facebook itself). I can see it coming.
> Facebook web of trust app ;-)
>
>
>
> -----Original Message-----
> From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
> Sent: Friday, March 25, 2011 9:05 AM
> To: Akyol, Bora A
> Cc: Dobbins, Roland; nanog group
> Subject: Re: The state-level attack on the SSL CA security model
>
> On Fri, 25 Mar 2011 08:36:12 PDT, "Akyol, Bora A" said:
> > Is it far-fetched to supplement the existing system with a reputation-
> > based model such as PGP? I apologize if this was discussed before.
>
> That would be great, if you could ensure the following:
>
> 1) That Joe Sixpack actually knows enough somebodies who are trustable to
> sign stuff. (If Joe doesn't know them, then it's not a web of trust, it's
> just the same old CA).
>
> 2) That Joe Sixpack doesn't blindly sign stuff himself (I've had to on
> occasion scrape unknown signatures off my PGP key on the keyservers, when
> people I've never heard of before have signed my key "just because somebody
> they recognized signed it").
>
> The PGP model doesn't work for users who are used to clicking everything
> they see, whether or not they really should...
>
>
>
