BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] Why the dislike of X.509?
- Subject: [Discuss] Why the dislike of X.509?
- From: richard.pieri at gmail.com (Richard Pieri)
- Date: Mon, 25 Aug 2014 13:22:46 -0400
- In-reply-to: <CA+h9Qs5GnC6d1ejBQC=crtHwxoDiFWo4Kn+xjt0eiA8Kr733_A@mail.gmail.com>
- References: <53F9F6B9.4060505@stephenadler.com> <20140824161132.GE14848@randomstring.org> <be314521ab6bebb6add54d706b042f01.squirrel@mail.mohawksoft.com> <53FA1C3B.70908@gmail.com> <53FB19E5.4080602@aeminium.org> <53FB4A5D.2030305@gmail.com> <CA+h9Qs5GnC6d1ejBQC=crtHwxoDiFWo4Kn+xjt0eiA8Kr733_A@mail.gmail.com>
On 8/25/2014 12:25 PM, John Abreau wrote: > So you hate OpenVPN, which uses the user's own private self-generated > SSL certificate authority and does *not* require the centralized > certificate authorities, because SSL in web browsers requires > the centralized certificate authorities? The SSL root CAs are a type of centralized CA: they're public CAs. It's not the publicness that makes them centralized; it's that all of the certificates they issue are chained to their root certificates. A private, self-signed CA is still a central CA: all certificates issued by it are chained to that authority's root certificate. This is the very definition of centralized. It's not that I hate OpenVPN. It's that I hate key escrow systems. Hated them since the early 1990s. I hate them because they're single points of compromise for entire systems. I hate them because compromise is undetectable by users. -- Rich P.
- Follow-Ups:
- [Discuss] Why the dislike of X.509?
- From: warlord at MIT.EDU (Derek Atkins)
- [Discuss] Why the dislike of X.509?
- From: jabr at blu.org (John Abreau)
- [Discuss] Why the dislike of X.509?
- From: bill.n1vux at gmail.com (Bill Ricker)
- [Discuss] Why the dislike of X.509?
- References:
- [Discuss] vnc
- From: adler at stephenadler.com (Stephen Adler)
- [Discuss] vnc
- From: dsr at randomstring.org (Dan Ritter)
- [Discuss] vnc
- From: markw at mohawksoft.com (markw at mohawksoft.com)
- [Discuss] vnc
- From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] vnc
- From: nuno at aeminium.org (Nuno Sucena Almeida)
- [Discuss] Why the dislike of X.509?
- From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] Why the dislike of X.509?
- From: jabr at blu.org (John Abreau)
- [Discuss] vnc
- Prev by Date: [Discuss] vnc
- Next by Date: [Discuss] Why the dislike of X.509?
- Previous by thread: [Discuss] Why the dislike of X.509?
- Next by thread: [Discuss] Why the dislike of X.509?
- Index(es):
