[Discuss] the problem with centralized certificate authorities
Tom Metro
tmetro+blu at gmail.com
Mon Apr 21 17:29:48 EDT 2014
Bill Ricker wrote:
> (sadly the current CA PKI is little better, you'd be shocked whose CA your
> browser will trust to sign *.google.com .)
An essay proposing replacing CAs with a "web of trust" model like GPG uses:
http://lorddoig.svbtle.com/heartbleed-should-bleed-x509-to-death
(The author is now proposing "a working group to kill X.509.")
(Not a novel idea. An example older article:
http://blog.cryptographyengineering.com/2012/02/how-to-fix-internet.html )
And related, the problem with certificate Revocation checking (OCSP):
https://www.imperialviolet.org/2014/04/19/revchecking.html
-Tom
--
Tom Metro
The Perl Shop, Newton, MA, USA
"Predictable On-demand Perl Consulting."
http://www.theperlshop.com/
More information about the Discuss
mailing list