> ssl/tls is a mess: they pass out x.509 certificates like fliers at the
> fair and there is no way to tell which are right and which are fake just
> by looking at them. everyone is told "don't worry; be happy; your CA
> has your back"

Sure. But where is this a flaw of TLS? It isn't TLS's fault the browser vendors trust too many CAs, or unreliable CAs.

Your objections boil down to, "OS vendors and browser manufacturers give trust to CAs that are not trustworthy, and end-users don't validate certificates." Both of which are true, and neither of which has anything to do with TLS.

> available. but it isn't. and we don't want to end up like ssl/tls:
> we want to be able to retain control over what has been authenticated
> and what is un-trusted.

You might. Other people might not. Remember that the Web of Trust is completely compatible with a CA-style approach. It was specifically designed that way.
_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net