[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: crypto, auth, CAs, web-of-trust, and phony certs

On 24 March 2011 11:18, Dr. Ed Morbius <dredmorbius@gmail.com> wrote:
Apropos some of the recent discussion we've had here of various Debian
signing keys.

A major CA (certificate authority) has issued fake SSL certs for
Google.com, Yahoo.com, and Skype.com (and apparently 6 other sites)
after its signing keys were compromised.


Under the CA / SSL model, you trust a website because you trust the CA.

Personally, I think the Dane factor is worth more than a look:



Religion is regarded by the common people as true, 
by the wise as false,
and by the rulers as useful.

— Lucius Annæus Seneca.

Terrorism, the new religion.

Reply to: