[Discuss] Why the dislike of X.509?

John Abreau jabr at blu.org
Mon Aug 25 12:25:34 EDT 2014


So you hate OpenVPN, which uses the user's own private self-generated SSL
certificate authority and does *not* require the centralized certificate
authorities, because SSL in web browsers requires the centralized
certificate authorities?


On Mon, Aug 25, 2014 at 10:38 AM, Richard Pieri <richard.pieri at gmail.com>
wrote:

> On 8/25/2014 7:11 AM, Nuno Sucena Almeida wrote:
> > Why the dislike of X.509 ?
>
> The dependence on centralized certificate authorities. X.509 is not
> verifiably trustworthy and is anything but private. X.509 is, in fact,
> compromised by design. It was designed specifically to grant
> administrators of X.509 domains access to everything within their domains.
>
> The only reason it's so widespread today is because Netscape couldn't
> get an export license under ITAR without a key escrow mechanism that
> could be subverted by the US government. That's the foundation of
> Netscape's early SSL which Microsoft duplicated. And now we're saddled
> with a global scale security infrastructure that was compromised at the
> roots from Day 1.
>
> That's why I hate X.509.
>
> --
> Rich P.



-- 
John Abreau / Executive Director, Boston Linux & Unix
Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6


