also sprach Andrew Suffield <asuffield@debian.org> [2004.06.30.0217 +0200]: > Firstly: Why do they own these workstations? What purpose do they serve? > > If they had nothing to do with the process of creating certificates > then they wouldn't be here. There is more work at a CA than issuing certificates. > Secondly: I don't believe in the notion that you can run a company > where all people who have any kind of access are both trustworthy and > reliable, and still be large enough to be relevant. We can't even do > it for governments - why should companies be any different? People get > appointed for the wrong reasons and you just have to deal with it, and > they get lazy because they've been doing this exact same process on a > regular basis for three years and nobody's attacked it yet. It's not > like they're doing anything really important. There are many protocol to prevent humans from screwing up. Read Anderson or Schneier for an overview. also sprach Zenaan Harkness <zen@freedbms.net> [2004.06.30.0219 +0200]: > Isn't it possible to have the "certificate signing facility" on > a network-disconnected box, to thereby require at minimum physical > access to the box to compromize a (master) certificate? Yes, this is what most will have... also sprach Matthew Palmer <mpalmer@debian.org> [2004.06.30.0225 +0200]: > So, in a roundabout way, you're supporting what Andrew said. > There's no such thing as a trustworthy company. Only trustworthy > people. In the same way as you may trust an otherwise unknown key > because someone you really trust says it's OK, similarly you might > trust a company because someone you really trust says it's OK. As I stated above, it is foolish for any company in the trust business to rely on their people. Therefore, protocols are in place that prevent people from screwing up or subverting the system. Or at least to make it a lot harder because multiple people have to cooperate against the regulations. Now how about we get back in topic? Can we please have a properly secured HTTPS page which provides the fingerprint of our signing keys? Are there any technically sound arguments against it? Are there porponents? -- Please do not CC me when replying to lists; I read them! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
Attachment:
signature.asc
Description: Digital signature