> However, why don't we have server certificates with multiple > independent CA signatures?
Tim, I find that concept very interesting. Cheers, Chris. On Wed, Sep 8, 2010 at 10:34 PM, Tim <tim-secur...@sentinelchicken.org> wrote: >> > I'd rather have a company pay some good bucks to get their hands on a >> > highly trusted certificate than kids who's aim in life is wiping as >> > much hard disks as possible. >> > Which also answers why those $10-$20 assholes does a better job than >> > the kids we all know about... >> >> Same. I would rather trust a large company that doesn't care about >> anything except for my cash, instead of developing a different framework >> that is not based around money. > > I think you're on to something there, in that if a company's business > model were completely built on trust, then they would actually want to > protect that and not give up keys to governments. > > However, why don't we have server certificates with multiple > independent CA signatures? From there, browsers/clients could be > written to be more suspicious of single-signature Sub-CAs signed by > CAs that aren't considered as safe/trustworthy (based on whatever > political prejudices you choose). > > SSL PKI won't work if it's as flexible as PGP's web of trust, but > there's no reason it needs to be as fragile as it is now. > > tim > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/