The problem is how do you not trust them without breaking significant parts of the internet.
They have us over a barrel. John b. On 2011-03-30, at 2:09 PM, Kurt Seifried wrote: > http://www.linux-magazine.com/Issues/2010/112/ATTACKS-AGAINST-SSL/(kategorie)/0 > > http://www.linux-magazine.com/Issues/2010/114/BREACH-OF-TRUST/(kategorie)/0 > > And perfectly, just today: > > http://it.slashdot.org/story/11/03/30/1325230/Comodo-Says-Two-More-RAs-Compromised > > So... eBay has been selling secureID tokens to ebay/paypal customers > for $5, to secure access to your accounts for several years now, but > Comodo, who is literally selling trust, just uses a username/password? > Hell, Gmail, for free, now does two factor authentication. > > Seriously, how can you trust something like a CA when they behave this > badly/incompetently? > > -Kurt > > On Sun, Mar 27, 2011 at 2:54 AM, James A. Donald <[email protected]> wrote: >> On 2011-03-26 6:36 AM, Kurt Seifried wrote: >>> >>> There are some other major issues but as far as I can tell SSL is so >>> fundamentally broken at the design and operational level it can't be >>> fixed, I wrote some articles last year but gave up tilting at >>> windmills because it was largely having no effect. >> >> Please point me to those articles. >> > > > > -- > Kurt Seifried > [email protected] > skype: 1-703-879-3176 > _______________________________________________ > security mailing list > [email protected] > http://lists.openid.net/mailman/listinfo/openid-security
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ security mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-security
