
Re: [certid] fyi: paper on compelled, certificate creation attack and applicable appliance



Well, it's quite obvious that PKI in the "big internet" as we know it is
just a card house: if *ANY* CA we trust gets compromised or malicious, it
is all flawed. There is nothing we can do besides examining chain of trust
manually and watching for certificate changes. The TOFU technology described
there is quite obvious, I always wondered why ssh has it and browsers do not.

It is completely out of the scope of the certid list, though :-(
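
An added example, not part of the original message: a minimal ssh `known_hosts`-style trust-on-first-use store for TLS certificates, which flags a certificate change even when the substitute would chain to a trusted CA. The class name `PinStore`, the file name and the sample bytes are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile

class PinStore:
    """known_hosts-style store: 'host:port' -> SHA-256 of the leaf certificate (DER)."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                self.pins = json.load(fh)

    def check(self, host, port, cert_der):
        """Return 'first-use', 'match' or 'changed'; a changed cert never replaces the pin."""
        key = f"{host.lower()}:{port}"
        seen = hashlib.sha256(cert_der).hexdigest()
        pinned = self.pins.get(key)
        if pinned is None:
            self.pins[key] = seen
            self._save()
            return "first-use"
        return "match" if pinned == seen else "changed"

    def accept_change(self, host, port, cert_der):
        """Explicit decision after out-of-band verification, like editing known_hosts."""
        self.pins[f"{host.lower()}:{port}"] = hashlib.sha256(cert_der).hexdigest()
        self._save()

    def _save(self):
        # Write then rename so a crash cannot leave a truncated pin file.
        tmp = self.path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh, indent=2, sort_keys=True)
        os.replace(tmp, self.path)

def demo():
    # Constructed stand-ins for DER bytes; real use would pass
    # ssl.SSLSocket.getpeercert(binary_form=True).
    original = b"constructed-der-bytes: leaf issued by CA A"
    substitute = b"constructed-der-bytes: leaf issued by CA B"
    path = os.path.join(tempfile.mkdtemp(), "tls_known_hosts.json")
    store = PinStore(path)
    results = [store.check("example.org", 443, original),
               store.check("EXAMPLE.org", 443, original),
               store.check("example.org", 443, substitute)]
    results.append(PinStore(path).check("example.org", 443, original))  # reload from disk
    return results  # ['first-use', 'match', 'changed', 'match']
```

A legitimate renewal also returns `changed`, so pinning the certificate's public key instead of the whole certificate reduces false alarms when the key is reused across renewals.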


Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.