So you hate OpenVPN, which uses the user's own private self-generated SSL certificate authority and does *not* require the centralized certificate authorities, because SSL in web browsers requires the centralized certificate authorities?
On Mon, Aug 25, 2014 at 10:38 AM, Richard Pieri <[email protected]> wrote: > On 8/25/2014 7:11 AM, Nuno Sucena Almeida wrote: > > Why the dislike of X.509 ? > > The dependence on centralized certificate authorities. X.509 is not > verifiably trustworthy and is anything but private. X.509 is, in fact, > compromised by design. It was designed specifically to grant > administrators of X.509 domains access to everything within their domains. > > The only reason it's so widespread today is because Netscape couldn't > get an export license under ITAR without a key escrow mechanism that > could be subverted by the US government. That's the foundation of > Netscape's early SSL which Microsoft duplicated. And now we're saddled > with a global scale security infrastructure that was compromised at the > roots from Day 1. > > That's why I hate X.509. > > -- > Rich P. > _______________________________________________ > Discuss mailing list > [email protected] > http://lists.blu.org/mailman/listinfo/discuss > -- John Abreau / Executive Director, Boston Linux & Unix Email [email protected] / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6 PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6 _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
