Re: [cryptography] Auditable CAs

2011-12-07 Thread Ben Laurie
On Tue, Dec 6, 2011 at 10:48 AM, Florian Weimer fwei...@bfk.de wrote: * Ben Laurie: Given the recent discussion on Sovereign Keys I thought people might be interested in a related, but less ambitious, idea Adam Langley and I have been kicking around:

Re: [cryptography] Auditable CAs

2011-12-06 Thread Florian Weimer
* Ben Laurie: Given the recent discussion on Sovereign Keys I thought people might be interested in a related, but less ambitious, idea Adam Langley and I have been kicking around: http://www.links.org/files/CertificateAuthorityTransparencyandAuditability.pdf. Why wouldn't the problem we

Re: [cryptography] Auditable CAs

2011-11-30 Thread Ben Laurie
On Wed, Nov 30, 2011 at 1:18 AM, Marsh Ray ma...@extendedsubset.com wrote: On 11/27/2011 03:00 PM, Ben Laurie wrote: Given the recent discussion on Sovereign Keys I thought people might be interested in a related, but less ambitious, idea Adam Langley and I have been kicking around:

Re: [cryptography] Auditable CAs

2011-11-30 Thread Marsh Ray
On 11/30/2011 05:24 AM, Ben Laurie wrote: On Wed, Nov 30, 2011 at 1:18 AM, Marsh Ray ma...@extendedsubset.com wrote: Perhaps the relevant property is certs issued by a browser-trusted CA or subordinate regardless of their visibility. If they are not visible, why would we care whether they

Re: [cryptography] Auditable CAs

2011-11-30 Thread Ben Laurie
On Wed, Nov 30, 2011 at 5:16 PM, Marsh Ray ma...@extendedsubset.com wrote: On 11/30/2011 05:24 AM, Ben Laurie wrote: On Wed, Nov 30, 2011 at 1:18 AM, Marsh Ray ma...@extendedsubset.com wrote: Perhaps the relevant property is certs issued by a browser-trusted CA or subordinate regardless of

Re: [cryptography] Auditable CAs

2011-11-30 Thread ianG
On 28/11/11 08:00 AM, Ben Laurie wrote: Given the recent discussion on Sovereign Keys I thought people might be interested in a related, but less ambitious, idea Adam Langley and I have been kicking around: http://www.links.org/files/CertificateAuthorityTransparencyandAuditability.pdf. I

Re: [cryptography] Auditable CAs

2011-11-29 Thread Marsh Ray
On 11/27/2011 03:00 PM, Ben Laurie wrote: Given the recent discussion on Sovereign Keys I thought people might be interested in a related, but less ambitious, idea Adam Langley and I have been kicking around: http://www.links.org/files/CertificateAuthorityTransparencyandAuditability.pdf. Some

Re: [cryptography] Auditable CAs

2011-11-28 Thread Chris Richardson
Today, a site operator can opt-out of the CA system by using a self-signed certificate. When users go to the site they get a warning that they blindly click-through. This degrades one of the main benefits of the CA system. Browsers will need to require (at some point in the future) that all

Re: [cryptography] Auditable CAs

2011-11-28 Thread Ben Laurie
On Mon, Nov 28, 2011 at 10:39 AM, Chris Richardson ch...@randomnonce.org wrote: Today, a site operator can opt-out of the CA system by using a self-signed certificate. When users go to the site they get a warning that they blindly click-through. This degrades one of the main benefits of the

Re: [cryptography] Auditable CAs

2011-11-28 Thread Seth David Schoen
Ben Laurie writes: How will the opt-out mechanism work so that it is not degraded by users clicking through a warning? Don't quite understand the question: if you have opted out you shouldn't get a warning, surely? I think that question was about unilateral client-side opt-out (users

Re: [cryptography] Auditable CAs

2011-11-28 Thread Ben Laurie
On Mon, Nov 28, 2011 at 6:46 PM, Seth David Schoen sch...@eff.org wrote: Ben Laurie writes: How will the opt-out mechanism work so that it is not degraded by users clicking through a warning? Don't quite understand the question: if you have opted out you shouldn't get a warning, surely?

Re: [cryptography] Auditable CAs

2011-11-28 Thread Chris Richardson
Right. Or to think about it a different way: Facebook uses a CA-signed cert. Users connecting to Facebook get no errors/warnings (assuming no one mucks with the connection). If someone is mucking with my connection, I get a self-signed Facebook cert and the appropriate warning screen. In this

Re: [cryptography] Auditable CAs

2011-11-27 Thread Tom Ritter
So my biggest question is what defines a publicly visible certificate? Of course every certificate Gmail uses would be public... but what about the cert that corresponds to the new product Google is launching that's in beta for a few users? That cert should be published... but then that lets

Re: [cryptography] Auditable CAs

2011-11-27 Thread Ben Laurie
On Sun, Nov 27, 2011 at 10:54 PM, Tom Ritter t...@ritter.vg wrote: So my biggest question is what defines a publicly visible certificate? Of course every certificate Gmail uses would be public... but what about the cert that corresponds to the new product Google is launching that's in beta