[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Freedombox-discuss] Crypto questions



On 04/23/2011 03:07 AM, Sandy Harris wrote:
> Arguably, the whole certificate infrastructure for SSL
> is broken beyond repair. My /etc/ssl/certs has 289
> Certificate Authorities listed. These are not just
> people I am expected by default to trust; they can
> sign certificates that make me trust others.

I share your criticisms of the X.509 certificate infrastructure.

As a contributor

> A good academic paper on the problem is:
> https://db.usenix.org/publications/library/proceedings/sec98/gutmann.html
> 
> However, his software does not turn up in
> the Ubuntu repository. Is it in Debian?
> Could it be?

Here is my writeup of why i stopped trying to package Gutmann's cryptlib
for debian:

  https://www.debian-administration.org/users/dkg/weblog/74

I would be happy if someone else found a good reason to continue with
the work, but i'm not convinced that it's worth doing.

> [havege] is not as well-known as Gutmann's work.
> Has anyone anlyzed it?

The person to ask would be lunar at debian.org, who is responsible for
packaging the latest version of haveged.  You might also be interested
in the history of the package:

 http://packages.qa.debian.org/h/haveged.html

It appears that older versions have been removed from debian in the past
due to compilation and segfault problems.  It appears that Lunar has
fixed that up in the latest release (as of yesterday!), though.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110423/8ea41cad/attachment.pgp>


Reply to: