[139062] in North American Network Operators' Group
Re: The state-level attack on the SSL CA security model
daemon@ATHENA.MIT.EDU (Franck Martin)
Sat Mar 26 00:19:47 2011
From: Franck Martin <fmartin@linkedin.com>
To: Joe Sniderman <joseph.sniderman@thoroquel.org>, "nanog@nanog.org"
<nanog@nanog.org>
Date: Sat, 26 Mar 2011 04:21:12 +0000
In-Reply-To: <4D8D5F2C.4050402@thoroquel.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 3/26/11 15:36 , "Joe Sniderman" <joseph.sniderman@thoroquel.org> wrote:
>On 03/25/2011 11:12 PM, Steven Bellovin wrote:
>>=20
>> On Mar 25, 2011, at 12:19 52PM, Akyol, Bora A wrote:
>>=20
>>> One could argue that you could try something like the facebook
>>> model (or facebook itself). I can see it coming. Facebook web of
>>> trust app ;-)
>>>=20
>> Except, of course, for the fact that people tend to have hundreds of
>> "friends", many of whom they don't know at all, and who achieved that
>> status simply by asking. You need a much stronger notion of
>> interaction, to say nothing of what the malware in your "friends'"
>> computers are doing to simulate such interaction.
>
>Then again there are all the "friend us for a chance to win $prize"
>gimmicks... not a far jump to "friend us, _with trust bits enabled_ for
>a chance to win $prize"
>
>Yeah sounds like a wonderful idea. :P
Wasn't PGP based on a web of trust too?
