On Mon, Apr 28, 2014 at 8:20 PM, Ryan Carboni <rya...@gmail.com> wrote: > One can always start with the difficult first step of uninstalling > certificate authorities you do not trust.
"Opera will autorepair damage to the certificate repository, a missing Certificate Authority is considered damage. Opera ships with a list of frequently used certificates, and if any of these are missing they will be added the next time the repository is read from disk. Other certificates will be added from the online repository as needed." - http://my.opera.com/community/forums/topic.dml?id=1580452 Its not just Opera. Others are using similar innovative methods to reduce the support load and costs. Jeff > On Mon, Apr 28, 2014 at 4:42 PM, ianG <i...@iang.org> wrote: >> >> On 29/04/2014 00:12 am, Ryan Carboni wrote: >> > trust is outsourced all the time in the non-cryptographic world >> >> trust is built up all the time, risks are taken all the time, choice is >> taken all the time. >> >> > unless you do not have a bank account >> >> That's not outsourced, that's direct, person to bank, the person has a >> choice, chooses to place her trust in that bank. Also, it is limited to >> defined things that are required, can't be done by the person, and >> bolstered by real backing such as FIDC. >> >> When you suggest "it's probably best we trust authorities" that is >> CA-playbook crapola meaning "you must trust the authorities that have >> been picked for you." The vector has been reversed, people are told >> what has to happen, so there is no trust. >> >> Trust derives from choice. Where is the choice? >> >> > On Mon, Apr 28, 2014 at 3:00 PM, James A. Donald <jam...@echeque.com >> > <mailto:jam...@echeque.com>> wrote: >> > >> > On 2014-04-29 05:58, Ryan Carboni wrote: >> > >> > We happen to live on a planet where most users are ordinary >> > users. >> > >> > >> > given the extent of phishing, it's probably best we outsource >> > trust to >> > centralized authorities. >> > Although it should be easier establishing your own certificate >> > authority. >> > >> > Cannot outsource trust Ann usually knows more about Bob than a >> > distant authority does. A certificate authority does not certify >> > that Bob is trustworthy, but that his name is Bob. >> > >> > In practice, however we find that diverse entities have very similar >> > names, and a single entity may have many names. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
