On Thu, Aug 1, 2013 at 9:04 AM, Antoine Musso <hashar+...@free.fr> wrote:
> On 01/08/13 06:52, Jeremy Baron wrote:
>> We (society, standards making bodies, etc.) need to do more to reform
>> the current SSL mafia system. (i.e. it should be easier for a vendor
>> to remove a CA from a root store and we shouldn't have a situation
>> where many dozens of orgs all have the ability to sign certs valid for
>> any domain.)
>>
>> I'm not sure how much we (Wikimedia) can do about that though.
>
> Potentially similarly minded foundations could form a new foundation that
> would be their SSL authority :-]  I am not sure whether it would be
> cost-effective though.

That would take years of lead time (once the CA is all ready) to get
into vendor root stores. And then you have to wait for the products to
actually ship.

I guess we could also get cross-signed for the interim. Anyway, would
need some long-term vision/investment. That wouldn't help anything
until at least the end of next year. But then we still end up with the
same problem: dozens of other orgs (in addition to the new
hypothetical non-profit) can fraudulently sign a cert for Wikipedia
and be trusted nearly everywhere.

-Jeremy

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
