[Freedombox-discuss] Debian as though cryptographic authentication mattered Questions

[dkg@fifthhorseman.net (Daniel Kahn Gillmor)]

On 08/05/2011 04:01 PM, Melvin Carvalho wrote:

> In general it would be fair to say WebiD has a dependency on DNS but
> so does email email.  In both systems there are cases where you can
> work without DNS.
> 
> Unsure of the supposed dependency of the CA Cartel, given that
> certificates are self signed.  Perhaps I'm missing something, tho.

Barring a functional DNSSEC+DANE implementation (which no one seems to
have running in the real world yet to my knowledge), there is a
dependency on the CA Cartel to verify the certificates of the web
servers involved.

I'm assuming, of course, that the web servers use HTTPS; otherwise, a
network attacker could simply hijack the connections to the server directly.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110805/c6ae6545/attachment.pgp>