On Fri, Jun 3, 2016 at 2:03 PM, Nick Lamb wrote:
> On Friday, 3 June 2016 17:25:11 UTC+1, Peter Kurrasch wrote:
> > Regarding use of the term "bad", what does anyone think about this as an
> alternative: "furtherance of criminal activity"
>
> As far as I'm aware all of the following are examples
On Friday, 3 June 2016 17:25:11 UTC+1, Peter Kurrasch wrote:
> Regarding use of the term "bad", what does anyone think about this as an
> alternative: "furtherance of criminal activity"
As far as I'm aware all of the following are examples of criminal activity:
Gambling (in some but not all of
I wasn't intending to get into a broader discussion about the merits of
encryption. My initial point was two-fold: First, that there are a lot of
different scenarios to consider--too many, in fact. Second, that a "good" cert
could be used for any of those bad things, although the use of certs is
On Thu, May 26, 2016 at 1:58 PM, Phillip Hallam-Baker
wrote:
> What has encryption got to do with it?
The "bad" raised was unrelated to certificates, publicly trusted or
otherwise. As Nick also pointed out, a number of the "bad" is just as
accomplish through other means independent of certificate
You are right to point out that many of those scenarios could be accomplished
with a self-signed cert or indeed no cert at all. The decision to use a good
cert or the likelihood of a good cert being used in any given scenario is not
necessarily that important. What matters is that once we find a
On Thu, May 26, 2016 at 12:23 PM, Ryan Sleevi wrote:
> On Thu, May 26, 2016 at 7:40 AM, Peter Kurrasch wrote:
> > My suggestion is to frame the issue as: What is reasonable to expect of
> a
> > CA if somebody sees bad stuff going on? How should CA's be notified? What
> > sort of a response is w
On Thursday, 26 May 2016 15:40:35 UTC+1, Peter Kurrasch wrote:
> I might use a perfectly good cert in a "bad" way:
Maybe it's worthwhile to consider what happens instead if we live under a
regime (whether legally enforced or just de facto because of choices made by
browser vendors) where you ca
On Thu, May 26, 2016 at 7:40 AM, Peter Kurrasch wrote:
> My suggestion is to frame the issue as: What is reasonable to expect of a
> CA if somebody sees bad stuff going on? How should CA's be notified? What
> sort of a response is warranted and in what timeframe? What guidelines
> should CA's use
It strikes me that some people might not have a good idea how people use certs to do bad things. As the token bad guy in this forum I'll take it upon myself to share some examples of how I might use a perfectly good cert in a "bad" way:* Create a phishing site to harvest login credentials from u
9 matches
Mail list logo