Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Why the dislike of X.509?

On 8/25/2014 12:25 PM, John Abreau wrote:
> So you hate OpenVPN, which uses the user's own private self-generated
> SSL certificate authority and does *not* require the centralized
> certificate authorities, because SSL in web browsers requires
> the centralized certificate authorities?

The SSL root CAs are a type of centralized CA: they're public CAs. It's
not the publicness that makes them centralized; it's that all of the
certificates they issue are chained to their root certificates. A
private, self-signed CA is still a central CA: all certificates issued
by it are chained to that authority's root certificate. This is the very
definition of centralized.

It's not that I hate OpenVPN. It's that I hate key escrow systems. Hated
them since the early 1990s. I hate them because they're single points of
compromise for entire systems. I hate them because compromise is
undetectable by users.

Rich P.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /