Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] the problem with centralized certificate authorities

Bill Ricker wrote:
> ?(sadly the current CA PKI is little better, you'd be shocked whose CA your
> browser will trust to sign *.google.com .)?

An essay proposing replacing CAs with a "web of trust" model like GPG uses:
http://lorddoig.svbtle.com/heartbleed-should-bleed-x509-to-death

(The author is now proposing "a working group to kill X.509.")

(Not a novel idea. An example older article:
http://blog.cryptographyengineering.com/2012/02/how-to-fix-internet.html )


And related, the problem with certificate Revocation checking (OCSP):
https://www.imperialviolet.org/2014/04/19/revchecking.html

 -Tom

-- 
Tom Metro
The Perl Shop, Newton, MA, USA
"Predictable On-demand Perl Consulting."
http://www.theperlshop.com/
BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix / webmaster@blu.org