Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] root CA bloat

On 11/23/2014 11:13 AM, Bill Bogstad wrote:
> Almost...   Microsoft didn't authorize MarkMonitor to monitor their
> communications (as far as I know).   They authorized them to provide

The concern isn't what MM is doing at the moment; it's what MM is 
capable of doing being a trusted CA and a trusted DNS registrar and the 
owner of record for Microsoft's domains. Don't focus exclusively on 
Microsoft here. All of the big data and social media players are using 
MarkMonitor's and CSC's services.

> security of all CAs, top level DNS servers, etc.   The problems with
> CA delegation seem much more significant then this one though.   Until
> we get a solution to that problem, I'm not going to worry about this
> one.

Like I wrote before, CA delegation cannot be fixed because it isn't 
broken. It's operating exactly the way it was designed to operate. If 
you want to eliminate the problem with the lack of verifiable trust in 
the CAs and their delegates then you have to throw out X.509 PKI and 
replace it with something that has verifiable trust mechanisms.

Rich P.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /