Nadim, I think its about time to have CA´s be peer accredited institutes (EFF/tor/access now/my brother´s sister´s cousin/ whoever) issuing free or at least at cost certs. That being said, I don´t think certs are very good at preventing mitm anyway, that might be the case if a majority of users would have the wherewithal for a more realistic reaction than "ooh red/green is bad/good", and even then. Love ssl, don´t really care about certs. So yes, lets dump "trust me, I´ve been certified" in favor of "you don´t know who I am, but only we know what we´re telling each other."
- Ruben On 01/04/2013 02:09 AM, Nadim Kobeissi wrote: > Another CA has been found issuing SSL certificates for Google services. > Mozilla has acted on the > issue: > https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/ > > The weird thing is that it's starting to appear less and less crazy to > just get rid of the CA system and replace it with… nothing. What do you > guys think? > > NK > > > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech > -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
