On Mon, Dec 16, 2013 at 1:32 AM, Leif Johansson <le...@mnt.se> wrote:
> > > 16 dec 2013 kl. 03:21 skrev Phillip Hallam-Baker <hal...@gmail.com>: > > > > > On Sun, Dec 15, 2013 at 8:50 PM, Tao Effect <cont...@taoeffect.com> wrote: > >> And for someone who is accusing others of being 'fraudulent', not a good >> move to start off repeating figures already exposed as bogus like the oft >> repeated but still untrue claim of 600 CAs. >> >> >> I thought the EFF was a reputable source. >> >> There has been no update or correction to their post: >> https://www.eff.org/deeplinks/2011/10/how-secure-https-today >> > > Which kind of calls their credibility into question. HALF the 'CAs' in > their graph are from the DFN root. You can check that out for yourself, it > is a German CA that issues certs to higher education institutions. As has > been demonstrated (and agreed by the EFF people), DFN do not sign certs for > key signing keys they do not hold. > > > yep, DFN is a 'private' sub-CA under tight control but it could still be > attacked the way diginotar was and though I believe their secuity is a lot > better than their less fortunate Dutch cousins, a successful attack would > be just as bad. > That does not excuse 1) Failing to examine the issue when the DFN root accounted for half of the purported '600 CAs' 2) Continuing to count the DFN as 300 CAs when they know it is one. Putting out sloppy research and then failing to correct it when a mistake is committed is the problem. If someone publishes a flawed study I expect them to withdraw it when the errors are pointed out. I don't expect them to say that they are going to continue to publish a number they know is out by a factor of at least 2 because getting a correct number would be too much work. If people are going to make pointed accusations about the trustworthiness of others then they had better not continue to knowingly publish false data. As with the 'Al Gore claimed to invent the internet' lie, this has become a zombie lie that is repeated to make a political point by people who don't really care if what they are saying is true or not. I think that is a problem. And I am going to continue to point out that the EFF is peddling a lie until they withdraw it. -- Website: http://hallambaker.com/
_______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey
