[139074] in North American Network Operators' Group


Re: The state-level attack on the SSL CA security model

daemon@ATHENA.MIT.EDU (Steven Bellovin)
Sat Mar 26 13:48:37 2011

From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <C9B3C233.9A5%fmartin@linkedin.com>
Date: Sat, 26 Mar 2011 13:48:27 -0400
To: Franck Martin <fmartin@linkedin.com>
Cc: Joe Sniderman <joseph.sniderman@thoroquel.org>,
	"nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Mar 26, 2011, at 12:21 12AM, Franck Martin wrote:

>
>
> On 3/26/11 15:36 , "Joe Sniderman" <joseph.sniderman@thoroquel.org> wrote:
>
>> On 03/25/2011 11:12 PM, Steven Bellovin wrote:
>>>
>>> On Mar 25, 2011, at 12:19 52PM, Akyol, Bora A wrote:
>>>
>>>> One could argue that you could try something like the facebook
>>>> model (or facebook itself). I can see it coming. Facebook web of
>>>> trust app ;-)
>>>>
>>> Except, of course, for the fact that people tend to have hundreds of
>>> "friends", many of whom they don't know at all, and who achieved that
>>> status simply by asking.  You need a much stronger notion of
>>> interaction, to say nothing of what the malware in your "friends'"
>>> computers are doing to simulate such interaction.
>>
>> Then again there are all the "friend us for a chance to win $prize"
>> gimmicks... not a far jump to "friend us, _with trust bits enabled_ for
>> a chance to win $prize"
>>
>> Yeah sounds like a wonderful idea. :P
>
> Wasn't PGP based on a web of trust too?
>
Yes -- see Valdis' posting on that: http://mailman.nanog.org/pipermail/nanog/2011-March/034651.html


		--Steve Bellovin, http://www.cs.columbia.edu/~smb






