On 12/8/11 5:20 AM, Jacob Appelbaum wrote:
> On 12/07/2011 06:27 PM, Phillip Hallam-Baker wrote:
>> If you think 50 CAs is too many then make your case based on the number
>> there is support for rather than inflating it.
> All of this reminds me of a fantastic joke from the wonderful book
> Stasiland:
>
> Herr Bohnsack starts with a joke. "The USA, the Soviet Union and the GDR
> want to raise the Titanic," he says. "The USA wants the jewels presumed
> to be in the safe, the Soviets are after the state-of-the-art
> technology; and the GDR" - he downs his Korn for dramatic pause - "the
> GDR wants the band that played as it went down."
>
> Out of fifty or six hundred and fifty, I still have two keys that could
> be used for MITM on a large number of targets. One key has been
> released[0], the other has not[1].
>
> So what's the case?
>
> I was able to become a valid CA at all. Two really. In some
> circumstances, I'm still able to sign things as if I was a valid CA.
>
> That's a pretty silly security system. Though I do appreciate that
> you're willing to sing the chorus with the CA band as the X509 security
> ship sinks!
>
> All the best,
> Jacob
>
> [0]
> https://www.noisebridge.net/pipermail/noisebridge-discuss/2009-September/008400.html
> [1] http://www.win.tue.nl/hashclash/rogue-ca/

There seem to be more torpedoes in the water, to keep that ship sinking:

"Another Dutch CA Hacked"
http://translate.google.com/translate?sl=auto&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fwebwereld.nl%2Fnieuws%2F108815%2Fweer-certificatenleverancier-overheid-gehackt.html&act=url

--r

--
---
Robert Malmgren
Encrypted e-mail preferred
E-mail: [email protected]
PGP RSA 4096, id: 0x5B979EF5
Fingerprint: DE59 D86C 4CAF 2E59 A64E 5476 2360 F1B4 5B97 9EF5
Cellular: +46(0)708-330378
Jabber: [email protected]
