Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Why the dislike of X.509?



So you hate OpenVPN, which uses the user's own private self-generated SSL
certificate authority and does *not* require the centralized certificate
authorities, because SSL in web browsers requires the centralized
certificate authorities?


On Mon, Aug 25, 2014 at 10:38 AM, Richard Pieri <richard.pieri at gmail.com>
wrote:

> On 8/25/2014 7:11 AM, Nuno Sucena Almeida wrote:
> > Why the dislike of X.509 ?
>
> The dependence on centralized certificate authorities. X.509 is not
> verifiably trustworthy and is anything but private. X.509 is, in fact,
> compromised by design. It was designed specifically to grant
> administrators of X.509 domains access to everything within their domains.
>
> The only reason it's so widespread today is because Netscape couldn't
> get an export license under ITAR without a key escrow mechanism that
> could be subverted by the US government. That's the foundation of
> Netscape's early SSL which Microsoft duplicated. And now we're saddled
> with a global scale security infrastructure that was compromised at the
> roots from Day 1.
>
> That's why I hate X.509.
>
> --
> Rich P.
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>



-- 
John Abreau / Executive Director, Boston Linux & Unix
Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org