On 09/22/2015 05:59 PM, Robert J. Hansen wrote:
{ snip }
>> it is critical not to cripple this thing by trying to make things too
>> automatic. we'll end up like SSL/TLS
> By which you mean, what -- we'll become a largely-invisible and
> largely-effective part of the information security ecosystem that's
> responsible for securing billions of dollars a day, and on balance does
> it surprisingly well?
>
> Man, I *hope* we wind up like TLS. :)
yuk
ssl/tls is a mess: they pass out x.509 certificates like fliers at the
fair and there is no way to tell which are right and which are fake just
by looking at them. everyone is told "don't worry; be happy; you CA
has your back"but as we know now counterfeits have been introduced into their system and this is successful because users do not vet their x.509 certificates. it is certainly the case not everyone will want to vet their x.509 certificates so a configurable option should be made available. but it isn't . and we don't want to end up like ssl/tls: we want to be able to retain control over what has been authenticated and what is un-trusted . > > _______________________________________________ > enigmail-users mailing list > [email protected] > To unsubscribe or make changes to your subscription click here: > https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net -- /Mike
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
