[153603] in North American Network Operators' Group
Re: LinkedIn password database compromised
daemon@ATHENA.MIT.EDU (Joe Maimon)
Fri Jun 8 17:33:52 2012
Date: Fri, 08 Jun 2012 17:32:51 -0400
From: Joe Maimon <jmaimon@ttec.com>
To: David Walker <davidianwalker@gmail.com>
In-Reply-To: <CABE=bROcfpgFj+Hs2VUZnea1zJ2oMe46kijafkfeZEce2MKhCw@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
David Walker wrote:
> Self signed certificates does sound great and for most purposes,
> certainly in this case, fulfills all the requirements. There's no need
> to verify anything about me is correct other than to tie my
> authentication to my account. If I fail to meet the TOS then the plug
> is easily pulled and any further activity can be dealt with as it
> currently is by other means. I think there's enough risk in bringing
> in a CA and so little advantage that it's wrong.
>
If LinkedIn or facebook or any large social site were to implement x509,
they would be silly not to cast themselves as the trusted root.
a) its better than self signed
b) now they are an x509 identify provider
