On 8/25/2014 12:25 PM, John Abreau wrote: > So you hate OpenVPN, which uses the user's own private self-generated > SSL certificate authority and does *not* require the centralized > certificate authorities, because SSL in web browsers requires > the centralized certificate authorities?
The SSL root CAs are a type of centralized CA: they're public CAs. It's not the publicness that makes them centralized; it's that all of the certificates they issue are chained to their root certificates. A private, self-signed CA is still a central CA: all certificates issued by it are chained to that authority's root certificate. This is the very definition of centralized. It's not that I hate OpenVPN. It's that I hate key escrow systems. Hated them since the early 1990s. I hate them because they're single points of compromise for entire systems. I hate them because compromise is undetectable by users. -- Rich P. _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
