Ian Grigg wrote:

The assumptions from the RFC (at the beginning of comment #11) are the sort of thing that we now recognise as inadequate for the construction of Internet security systems.

I think they always have been from the hardcore security circles (I don't mean the cryptographers, but those using it). PGP was much earlier than SSL. Old fight...


So, in the current model, you are vulnerable to governments (actually anybody) which control root CAs.

Correct. This isn't going to change any time soon.

I don't see that being the case for PGP. Nor for SSH, assuming that the gov'ts usually don't listen to and alter the first connection. At least from the crypto side (I do see very real threat there from the side of security bugs, but that's another subject).


That indeed is the crux of the debate. Strong quality control on CAs just begs the question: how strong? where strong?

Yup, and the current policy *completely* spares that out, that's why I pointed it out.


_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto
