[144490] in North American Network Operators' Group
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Sep 12 16:43:02 2011
To: =?utf-8?B?TcOlbnM=?= Nilsson <mansaxel@besserwisser.org>
In-Reply-To: Your message of "Mon, 12 Sep 2011 22:31:59 +0200."
<20110912203159.GA31219@besserwisser.org>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 12 Sep 2011 16:41:03 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1315860063_2747P
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
On Mon, 12 Sep 2011 22:31:59 +0200, M=E5ns Nilsson said:
> Since you are from Sweden, and in an IT job, you probably have personal=
> relations to someone who has personal relations to one of the swedes
> or other nationalities that were present at the key ceremonies for the
> root. Once you've established that the signatures on the root KSK are g=
ood
> (which -- because of the above -- should be doable OOB quite easily for=
> you) you can start validating the entire chain of trust.
>=20
> Quite trivial, in fact.
I'll note that the PGP =22strongly connected set=22 has grown all the way=
to 45,000
or so keys in 2 decades of growth. There are several billion Internet us=
ers. What
may be workable for Fredrik is probably *not* scalable to Joe Sixpack.
--==_Exmh_1315860063_2747P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFObm5fcC3lWbTT17ARArqVAKCzW0mqrMGM+yE1E1yjcLu5QMZhLgCeOKZi
gcy1HFfp+BwUTdsQg+9ngHc=
=yda/
-----END PGP SIGNATURE-----
--==_Exmh_1315860063_2747P--
