Allen Weiner wrote: > On Thu, 2011-09-15 at 08:32 -0400, Joseph Apuzzo wrote: > > A friend of mind turned me on to https://www.google.com aka to have an > > encrypted conversation with Google. > > I've been using it, since I like as much crypt-o traffic on the net as > > possible. > > > > But why? Anyone have any intelligent toughs on the subject, I would > > like to hear your take on the service and what it's good for. > > > > -- > > There has been a lot in the tech news lately that SSL has been > compromised. Some consider SSL to be worthless. Some consider that the > entire e-commerce infrastructure is insecure. > > SSL depends on a "web of trust". This is implemented via security
Actually, I think the flaw in the CA approach is that it does _not_ rely on a web of trust - it relies on "single points of trust." A true web of trust (ala PGP) would be much more secure because you'd need to own multiple signitors to create a fake key that appears legitimate. I was happy to read about Convergence (see http://convergence.io/index.html) which looks like it might bring back the web of trust concept with its implementation of "notaries." > certificates issued by a certificate authority. Several of these > cerificate authorities have been hacked/compromised (DigiNotar, Comodo). > The security cerificate for Google in particular has been stolen. > > I was alerted to this situation via the weekly radio show "PC Radio > Show" on station WBAI. A regular participant on that show is David Perry > of Trend Micro. > This SSL issue was discussed on the August 10 show. (Program archive > available at pcradioshow2.org). It was discussed further on more recent > shows, but I don't recall which ones. > > Disclaimer: I'm not knowledgeable in computer security. > > > _______________________________________________ > Mid-Hudson Valley Linux Users Group http://mhvlug.org > http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug > > Upcoming Meetings (6pm - 8pm) MHVLS Auditorium > Oct 5 - Distributed Authentication Systems > Nov 2 - Nov 2011 > Dec 7 - Chef > ============================================================================= michaelMuller = [email protected] | http://www.mindhog.net/~mmuller ----------------------------------------------------------------------------- Lokah Samasta Sukhino Bhavantu - May all beings everywhere be happy and free. And may my own thoughts and actions contribute to that happiness and freedom. ============================================================================= _______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) MHVLS Auditorium Oct 5 - Distributed Authentication Systems Nov 2 - Nov 2011 Dec 7 - Chef
