Bill Ricker wrote:
> (sadly the current CA PKI is little better, you'd be shocked whose CA your
> browser will trust to sign *.google.com .)

An essay proposing replacing CAs with a "web of trust" model like GPG uses:
http://lorddoig.svbtle.com/heartbleed-should-bleed-x509-to-death

(The author is now proposing "a working group to kill X.509.")

(Not a novel idea. An example older article:
http://blog.cryptographyengineering.com/2012/02/how-to-fix-internet.html )

And related, the problem with certificate revocation checking (OCSP):
https://www.imperialviolet.org/2014/04/19/revchecking.html

 -Tom

--
Tom Metro
The Perl Shop, Newton, MA, USA
"Predictable On-demand Perl Consulting."
http://www.theperlshop.com/