BLU Discuss list archive
[Discuss] root CA bloat
- Subject: [Discuss] root CA bloat
- From: invalid at pizzashack.org (Derek Martin)
- Date: Tue, 25 Nov 2014 14:56:23 -0600
- In-reply-to: <5474DE0F.5030901@gmail.com>
- References: <546D7B55.70903@gmail.com> <BN3PR0401MB1204E9F1CF304F6724855281DC760@BN3PR0401MB1204.namprd04.prod.outlook.com> <546FC87F.1090203@gmail.com> <BN3PR0401MB120420D9FF67828E9C5551C4DC750@BN3PR0401MB1204.namprd04.prod.outlook.com> <54727CF6.9000301@gmail.com> <54728AD7.6040507@gmail.com> <20141124202035.GI11734@dragontoe.org> <5473EAE4.3050301@gmail.com> <20141125181521.GA7124@dragontoe.org> <5474DE0F.5030901@gmail.com>
On Tue, Nov 25, 2014 at 02:52:47PM -0500, Richard Pieri wrote:
> On 11/25/2014 1:15 PM, Derek Martin wrote:
> >Let's say I meet you on the street, and you tell me you are Steven
> >Smith, and produce very good fake ID to that effect. As it happens
> >(in this scenario) I am exceptionally good at spotting fake ID. I
> >prove that your ID is fake. This does not prove to me who you are--it
> >only proves to me one identity whom you are not.
>
> It proves that I'm that particular guy you met on the street. You
> may not know my real identity but you still have a piece of
> information -- a fingerprint if you will -- that is uniquely mine.

This misses the point: we're talking about authenticating (essentially) anonymous parties on the internet for (essentially) trusting them with your money and/or secrets. The above was only an analogy to illustrate the problem.

Though your response sort of makes my point for me.... sort of. Having met "fake Steven Smith #32" I would certainly trust him with neither my money nor my secrets.

> If that fingerprint is used then you know that it's the guy you met
> on the street with Steven Smith fake ID #32. That's all you need if
> you want to communicate with fake Steven Smith #32.

I have no use to communicate with "fake Steven Smith #32"... my goal is to trust that the website behind certificate XYZ actually belongs to my brokerage house, rather than some "fake Steven Smith #32" who fully intends to abscond with my nest egg. The fingerprint of "fake Steven Smith #32" has no value to me (or, I dare say, anyone), and I would not bother attempting to secure my communications with that person.

> At which point a web of trust or hybrid web and chain can be used if
> you need more than that. It's not an unsolvable problem. It's
> already been solved: social networks.

Oh, right, just like the web of trusted certificate authorities. It's a solved problem, so we really don't need to continue this discussion!

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.