[144417] in North American Network Operators' Group
RE: Microsoft deems all DigiNotar certificates untrustworthy,
daemon@ATHENA.MIT.EDU (Keith Medcalf)
Sun Sep 11 15:00:42 2011
Date: Sun, 11 Sep 2011 13:00:09 -0600
From: "Keith Medcalf" <kmedcalf@dessus.com>
To: "North American Network Operators Group" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Damian Menscher wrote on 2011-09-11:
> Because of that lost trust, any cross-signed cert would likely be
> revoked by the browsers. It would also make the browser vendors
> question whether the signing CA is worthy of their trust.
And therein is the root of the problem: Trustworthiness is assessed by
what you refer to as the "browser vendors". Unfortunately, there is
no Trustworthiness assessment of those vendors.
The current system provides no more authentication or confidentiality
than if everyone simply used self-signed certificates. It is nothing
more than theatre and provides no actual security benefit whatsoever.
Anyone believing otherwise is operating under a delusion.
--- Keith Medcalf
() ascii ribbon campaign against html e-mail
/\ www.asciiribbon.org