Let's be honest, without any mathematical/design/architectural assumptions, about the current PKI practical context. One of the weakest links of PKI is trust delegation to some sort of government-based legislated system. As said, somewhere on this mailing list, CAs are companies in those same legislative ecosystems. This should be seen if you study the current "View of certificates" you get from popular endpoints using different geographic locations. Cross-correlating this with the current PKI CAs/Delegations Trust network should give us a hint that effectively governments are monitoring the People. I think we should make an effort, in the name of freedom, and study this more carefully and as soon as possible. SSL Observatory from EFF is a step forward but we need more.
1 - We need data on the details of certificates obtained from different geographic/government locations when pointing to popular endpoints such as google, facebook and so on

2 - We need to map/take into account clustered endpoints, like google, when doing this, since certificates differ in the clusters.

3 - Situating ourselves in different geographic locations when performing data collection should be done using different methods (use of proxies, people from different countries submitting their certificate views..???).

On Thu, Sep 22, 2011 at 10:38 AM, Ralph Holz <h...@net.in.tum.de> wrote:
> Hi,
>
> Sorry, but this is too good. This is the Bavarian tax office, and ELSTER
> is the government's tax software:
>
> C=DE, ST=Bayern, L=Muenchen, O=Bayerisches Landesamt fuer Steuern -
> Dienststelle Muenchen, OU=ELSTER, CN=Elster HTTPS-Client, 41
>
> I seem to live in the country of offenders.
>
> Ralph
> --
> Dipl.-Inform. Ralph Holz
> I8: Network Architectures and Services
> Technische Universität München
> http://www.net.in.tum.de/de/mitarbeiter/holz/
>
> _______________________________________________
> cryptography mailing list
> cryptography@randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
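An added example, not part of the original post or the quoted message: one way to compare the certificate views described in points 1 and 2, grouping by host and server IP so that certificates that legitimately differ between cluster nodes are not reported as divergent. The observation format, the `divergent_views` function, the quorum rule and all sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed observations: (vantage, host, server_ip, issuer, leaf_fingerprint).
# Hosts, IPs (documentation range), issuers and fingerprints are all invented.
OBSERVATIONS = [
    ("DE", "www.example.com", "192.0.2.10", "Example Root CA", "aa11"),
    ("US", "www.example.com", "192.0.2.10", "Example Root CA", "aa11"),
    ("XX", "www.example.com", "192.0.2.10", "Other Issuing CA", "cc33"),
    # Second node of the same cluster: different certificate, same everywhere.
    ("BR", "www.example.com", "192.0.2.20", "Example Root CA", "bb22"),
    ("DE", "www.example.com", "192.0.2.20", "Example Root CA", "bb22"),
    ("US", "www.example.com", "192.0.2.20", "Example Root CA", "bb22"),
    # Only two vantage points and they disagree: inconclusive, not reported.
    ("DE", "www.example.org", "192.0.2.30", "Example Root CA", "dd44"),
    ("US", "www.example.org", "192.0.2.30", "Example Root CA", "ee55"),
]


def divergent_views(observations, quorum=3):
    """Return views whose leaf certificate disagrees with the strict-majority
    view of the same (host, server IP) pair."""
    by_endpoint = defaultdict(dict)
    for vantage, host, ip, issuer, fingerprint in observations:
        # One view per vantage point; a later submission replaces an earlier one.
        by_endpoint[(host, ip)][vantage] = (issuer, fingerprint)

    findings = []
    for (host, ip), views in sorted(by_endpoint.items()):
        if len(views) < quorum:
            continue  # too few vantage points to call anything an outlier
        counts = Counter(fp for _, fp in views.values())
        consensus_fp, votes = counts.most_common(1)[0]
        if votes * 2 <= len(views):
            continue  # no strict majority, so there is no baseline to compare to
        for vantage, (issuer, fp) in sorted(views.items()):
            if fp != consensus_fp:
                findings.append({"host": host, "ip": ip, "vantage": vantage,
                                 "issuer": issuer, "fingerprint": fp})
    return findings


if __name__ == "__main__":
    for finding in divergent_views(OBSERVATIONS):
        print(finding)
```

A reported view is a lead for manual inspection of the full chain, not proof of interception: certificate rotation during the collection window produces the same pattern.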