On 23.05.2015 19:05, Marko Rauhamaa wrote:
> Johannes Bauer <dfnsonfsdu...@gmx.de>:
> 
>> I think the major flaw of the X.509 certificate PKI we have today is
>> that there's no namespacing whatsoever. This is a major problem, as
>> the Government of Untrustworthia may give out certificates for
>> google.de if they wish to do so.
> 
> But you're fine with the Government of Germany, I take it? Or any
> accredited German CA?

Of course not. But namespacing *enables* separation of trusted entities
where we currently have none whatsoever.

>> Sounds like it's trivial to implement, I wonder why it's not in place.
>> It must have some huge drawback that I can't think of right now.
> 
> How would your scheme address .com, .net, .org etc?

I don't see any problem, why do you see one?

The thing was that I was just giving an example of how nesting could
work. Whether those are domain names or nested OIDs or any other form of
unique identifier does not matter at all. de, org, fudis, it's all the same.

Cheers,
Johannes

-- 
>> Where EXACTLY did you predict the quake again?
> At least not publicly!
Ah, the latest and to date most brilliant stroke of our great
cosmologists: the secret prediction.
 - Karl Kaos on Rüdiger Thomas in dsa <hidbv3$om2$1...@speranza.aioe.org>
-- 
https://mail.python.org/mailman/listinfo/python-list
