We want a certain X people from a certain X chan dictating how some X software is fully trusted and can run on my computer.
Call me paranoid, but I stick to the #1 rule of never ever trusting the public. I'd rather have a company pay some good bucks to get their hands on a highly trusted certificate than kids who's aim in life is wiping as much hard disks as possible. Which also answers why those $10-$20 assholes does a better job than the kids we all know about... On Wed, Sep 8, 2010 at 8:56 PM, BMF <[email protected]> wrote: > On Wed, Sep 8, 2010 at 9:24 AM, Andrew Auernheimer <[email protected]> wrote: >> un-tl;dr abstract: SSL is broken. Certificate authorities only exist >> to let the US, Chinese, Turkish, Brazilian etc etc government or >> Russian mob spy on you (whichever is interested first). Well, I guess >> they also exist to line the pockets of assholes who want $10-50 for >> pushing a button. > > Amen. This is why we should use and support web of trust style systems. > > CA Cert for SSL. > > GPG for most other things. > > BMF > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
