[Discuss] Why the dislike of X.509?

Richard Pieri richard.pieri at gmail.com
Mon Aug 25 10:38:21 EDT 2014


On 8/25/2014 7:11 AM, Nuno Sucena Almeida wrote:
> Why the dislike of X.509?

The dependence on centralized certificate authorities. X.509 is not
verifiably trustworthy and is anything but private. X.509 is, in fact,
compromised by design. It was designed specifically to grant
administrators of X.509 domains access to everything within their domains.

The only reason it's so widespread today is because Netscape couldn't
get an export license under ITAR without a key escrow mechanism that
could be subverted by the US government. That's the foundation of
Netscape's early SSL which Microsoft duplicated. And now we're saddled
with a global scale security infrastructure that was compromised at the
roots from Day 1.

That's why I hate X.509.

-- 
Rich P.


