On 11/23/2014 11:13 AM, Bill Bogstad wrote:
Almost... Microsoft didn't authorize MarkMonitor to monitor their communications (as far as I know). They authorized them to provide
The concern isn't what MM is doing at the moment; it's what MM is capable of doing being a trusted CA and a trusted DNS registrar and the owner of record for Microsoft's domains. Don't focus exclusively on Microsoft here. All of the big data and social media players are using MarkMonitor's and CSC's services.
security of all CAs, top level DNS servers, etc. The problems with CA delegation seem much more significant then this one though. Until we get a solution to that problem, I'm not going to worry about this one.
Like I wrote before, CA delegation cannot be fixed because it isn't broken. It's operating exactly the way it was designed to operate. If you want to eliminate the problem with the lack of verifiable trust in the CAs and their delegates then you have to throw out X.509 PKI and replace it with something that has verifiable trust mechanisms.
-- Rich P. _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
