BLU Discuss list archive
[Discuss] root CA bloat
- Subject: [Discuss] root CA bloat
- From: richard.pieri at gmail.com (Richard Pieri)
- Date: Sun, 23 Nov 2014 12:53:25 -0500
On 11/23/2014 11:13 AM, Bill Bogstad wrote:
> Almost... Microsoft didn't authorize MarkMonitor to monitor their
> communications (as far as I know). They authorized them to provide

The concern isn't what MM is doing at the moment; it's what MM is capable of doing being a trusted CA and a trusted DNS registrar and the owner of record for Microsoft's domains. Don't focus exclusively on Microsoft here. All of the big data and social media players are using MarkMonitor's and CSC's services.

> security of all CAs, top level DNS servers, etc. The problems with
> CA delegation seem much more significant than this one though. Until
> we get a solution to that problem, I'm not going to worry about this
> one.

Like I wrote before, CA delegation cannot be fixed because it isn't broken. It's operating exactly the way it was designed to operate. If you want to eliminate the problem with the lack of verifiable trust in the CAs and their delegates then you have to throw out X.509 PKI and replace it with something that has verifiable trust mechanisms.

--
Rich P.