[144446] in North American Network Operators' Group


RE: Why are we still using the CA model? (Re: Microsoft deems all

daemon@ATHENA.MIT.EDU (Leigh Porter)
Mon Sep 12 09:36:34 2011

From: Leigh Porter <leigh.porter@ukbroadband.com>
To: Gregory Edigarov <greg@bestnet.kharkov.ua>, "nanog@nanog.org"
 <nanog@nanog.org>
Date: Mon, 12 Sep 2011 13:36:53 +0000
In-Reply-To: <20110912142317.7d4008a8@greg.bestnet.kharkov.ua>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org



> -----Original Message-----
> From: Gregory Edigarov [mailto:greg@bestnet.kharkov.ua]
> I.e. instead of a set of trusted CAs there will be one distributed net
> of servers, that act as a cert storage?
> I do not see how that could help...
> Well, I do not even see how can one trust any certificate that is
> issued by commercial organization.
>

There should be a government body to issue certificates then ;-)

But Gregory is right, you cannot really trust anybody completely. Even the
larger and more respectable commercial organisations will be unable to
resist <insert intel organisation here> when they ask for dodgy certs so
they can intercept something..

No, as soon as you have somebody who is not yourself in control without
any third party verifiably independent oversight then you have to carefully
define what you mean by trust.

--
Leigh Porter



