[HacktionLab] FYI: Free certificate authority
Charlie Harvey
charlie at newint.org
Fri Nov 21 10:10:26 UTC 2014
On 21/11/14 09:17, ekes wrote:
> On 21/11/14 10:06, Christian Wach wrote:
>> On 20 Nov 2014, at 19:52, Charlie Harvey <charlie at newint.org> wrote:
>>
>>> Saw this and thought of the hacktionlab:
>>> https://www.schneier.com/blog/archives/2014/11/a_new_free_ca.html
----------------------8<------------------------
>> What do you think of this counter-argument?
>>
>> <https://www.linkedin.com/today/post/article/20141120073425-26662417-why-i-won-t-be-using-let-s-encrypt-and-recommend-other-not-to-also>
>
> tl;dr X.509 is broken so we shouldn't dirty ourselves by lending it any
> more credence. To encourage people use it gives them a false sense of
> security.
>
> Maximalist position that doesn't give people the, actually real, layer
> of protection they could get now; and working for an alternative doesn't
> negate getting more people to use the agreed standard at the moment.
>
> ekes
Hi,
On the subject of the alternative, there's some good efforts to get
round the trusted third party problem out there. But they don't seem to
have as much traction as we might like, maybe something hacktionlab
could promote?
Moxie's convergence which uses a distributed trust model:
http://www.networkcomputing.com/networking/new-ssl-alternative-support-grows-for-convergence/d/d-id/1100471
(talk https://www.youtube.com/watch?v=Z7Wl2FW2TcA )
Monkeysphere uses the pgp web of trust: http://web.monkeysphere.info/why/
There was also an effort to extend DNSSEC to validate certificates,
though I think that probably just moves the problem to DNS...
Cheers,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.aktivix.org/pipermail/hacktionlab/attachments/20141121/b79efe16/attachment.sig>
More information about the HacktionLab
mailing list