[65697] in North American Network Operators' Group
Re: Does your Certifying Authority have a clue who you are? Do they care?
daemon@ATHENA.MIT.EDU (Bob Beck)
Fri Dec 5 10:56:13 2003
To: Adi Linden <adil@adis.on.ca>
Cc: nanog@nanog.org
In-reply-to: Your message of "Fri, 05 Dec 2003 09:28:05 CST."
<Pine.LNX.4.44.0312050920450.23831-100000@adibox.knet.ca>
Date: Fri, 05 Dec 2003 08:55:29 -0700
From: Bob Beck <beck@bofh.cns.ualberta.ca>
Errors-To: owner-nanog-outgoing@merit.edu
>I would never trust an SSL certificate for that purpose. It does
>provide a reasonable effort to keep information between me and the server
>confidential. That's worth something, I guess.

I agree with you, I just don't think this is reasonable. If the
CAs aren't going to keep tabs on your stuff (and I'm not just picking
on Thawte here) and the browsers both don't differentiate between
CAs, and make it easy for the user to accept random certificates or
bypass the certification mechanism entirely, I don't think it is a
reasonable effort. The whole process is flawed.

-Bob