Michael Muller wrote: > Allen Weiner wrote: >> On Thu, 2011-09-15 at 08:32 -0400, Joseph Apuzzo wrote: >>> A friend of mind turned me on to https://www.google.com aka to have an >>> encrypted conversation with Google. >>> I've been using it, since I like as much crypt-o traffic on the net as >>> possible. >>> >>> But why? Anyone have any intelligent toughs on the subject, I would >>> like to hear your take on the service and what it's good for. >>> >>> -- >> There has been a lot in the tech news lately that SSL has been >> compromised. Some consider SSL to be worthless. Some consider that the >> entire e-commerce infrastructure is insecure. >> >> SSL depends on a "web of trust". This is implemented via security > > Actually, I think the flaw in the CA approach is that it does _not_ rely on a > web of trust - it relies on "single points of trust." A true web of trust > (ala PGP) would be much more secure because you'd need to own multiple > signitors to create a fake key that appears legitimate. > > I was happy to read about Convergence (see http://convergence.io/index.html) > which looks like it might bring back the web of trust concept with its > implementation of "notaries."
See also: http://www.networknotary.org/ - Ron _______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) MHVLS Auditorium Oct 5 - Distributed Authentication Systems Nov 2 - Nov 2011 Dec 7 - Chef
