[144497] in North American Network Operators' Group
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
daemon@ATHENA.MIT.EDU (Måns Nilsson)
Mon Sep 12 17:05:07 2011
Date: Mon, 12 Sep 2011 23:03:36 +0200
From: Måns Nilsson <mansaxel@besserwisser.org>
To: fredrik danerklint <fredan-nanog@fredan.se>
In-Reply-To: <201109122242.35932.fredan-nanog@fredan.se>
Cc: nanog@nanog.org
Subject: Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
Date: Mon, Sep 12, 2011 at 10:42:35PM +0200
Quoting fredrik danerklint (fredan-nanog@fredan.se):
> > Quite trivial, in fact.
>
> and how about an end user, who doesn't understand a computer at all, to be able
> to verify the signatures, correctly?
Joe Sixpack clicks through today. He will, too, later, but, one of
the Fine Things with DANE is that no entity can produce valid data for
anything outside its own domain(s). Damage limitation is quite important,
while admittedly not being the silver bullet.
The existence of a free and secure chain of trust will put a price
pressure on DV certificates, which just might create a situation where
the marginal cost for doing TLS is so low that it is hard to set up a
web site without.
Taken together, this creates a situation where valid, verified
certificates are the norm, for real, which makes it all the more possible
to flag the exceptions much more annoyingly. Perhaps even refuse to
open them.
-- 
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
... this must be what it's like to be a COLLEGE GRADUATE!!
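Added example, not part of the original message: a simplified model of the scoping property the message attributes to DANE, contrasted with a CA trust store. It checks only the name relationship between a signing zone and a TLSA owner name (signature and DS-chain validation are omitted), and all zone, host and CA names are constructed.

```python
# Simplified model: name scoping only, no cryptography, no DS delegation chain.
# All zone, host and CA names below are constructed for illustration.

def labels(name):
    """Split a DNS name into lowercase labels, ignoring the trailing root dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def in_bailiwick(signer_zone, owner):
    """True if owner is at or below signer_zone.

    Compared label by label, not as a string suffix, so that the zone
    "ample.nl" is not treated as an ancestor of "www.example.nl".
    This is a necessary condition for an RRSIG's signer name; which
    ancestor is the real zone apex is decided by the DS chain.
    """
    z, o = labels(signer_zone), labels(owner)
    return len(z) <= len(o) and o[len(o) - len(z):] == z

def tlsa_owner(host, port=443, proto="tcp"):
    """Owner name of the TLSA RRset for a service (RFC 6698, section 3)."""
    return "_%d._%s.%s." % (port, proto, host.rstrip("."))

def dane_accepts(signer_zone, host):
    """A zone's signature is only usable for TLSA data inside that zone."""
    return in_bailiwick(signer_zone, tlsa_owner(host))

def pkix_accepts(issuer, host, trust_store):
    """Classic CA model: any trusted issuer may vouch for any host name."""
    return issuer in trust_store

TRUST_STORE = {"Hypothetical CA A", "Hypothetical CA B"}

if __name__ == "__main__":
    for zone, host in [("example.nl.", "www.example.nl"),
                       ("example.nl.", "www.example.com"),
                       ("ample.nl.", "www.example.nl")]:
        print(zone, "->", tlsa_owner(host), dane_accepts(zone, host))
    # The host name plays no part in the CA-model decision.
    print(pkix_accepts("Hypothetical CA B", "www.example.com", TRUST_STORE))
```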