[139060] in North American Network Operators' Group
Re: The state-level attack on the SSL CA security model
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Fri Mar 25 23:12:34 2011
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <BECAED262016464A9C59788DA6AC969006B25D9FD1@EMAIL05.pnl.gov>
Date: Fri, 25 Mar 2011 23:12:29 -0400
To: "Akyol, Bora A" <bora@pnl.gov>
Cc: nanog group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mar 25, 2011, at 12:19 52PM, Akyol, Bora A wrote:
> One could argue that you could try something like the facebook model =
(or facebook itself). I can see it coming.
> Facebook web of trust app ;-)
>=20
Except, of course, for the fact that people tend to have hundreds of =
"friends", many of whom they don't know at all, and who achieved that =
status simply by asking. You need a much stronger notion of =
interaction, to say nothing of what the malware in your "friends'" =
computers are doing to simulate such interaction.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
