> - Your RFC is an obvious attempt to preserve today's pay-for-protection 
> system.  It's clear from the RFC that Google is actually trying to lead the 
> internet down a dangerous path where people *must* pay for security by not 
> supporting self-signed certificates.

Erm, sorry, that should read: "where people *must* pay for insecurity", as 
it's, well, not actually secure.

--
Please do not email me anything that you are not comfortable also sharing with 
the NSA.

On Apr 29, 2014, at 1:22 PM, Greg <g...@kinostudios.com> wrote:

>> Or Certificate Transparency. :-)
> 
> Sorry Ben,
> 
> But your Certificate Transparency is not a solution.
> 
> It's an invitation to more trouble:
> 
> - Your currently published RFC doesn't actually fix the MITM problem, it 
> merely gives the illusion of a fix. It doesn't actually prevent governments 
> from issuing fake certificates and MITMing connections, and your attempt to 
> address this problem is a mere "TBD".
> 
> - Your RFC is an obvious attempt to preserve today's pay-for-protection 
> system.  It's clear from the RFC that Google is actually trying to lead the 
> internet down a dangerous path where people *must* pay for security by not 
> supporting self-signed certificates.
> 
> I look forward to writing a more detailed post on it.
> 
> Cheers,
> Greg
> 
> --
> Please do not email me anything that you are not comfortable also sharing 
> with the NSA.

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
