On 01/04/2013 02:45 AM, Amin Sabeti wrote:
One point: Most of the Iranian banks have bought SSL certification from
TurkTrust.
Indeed. And one of the solutions that Mozilla is considering is to limit
Turktrust to .tr and .ir, by using the name extension in X.509.
Ralph
--
Ralph Holz
Network
Another CA has been found issuing SSL certificates for Google services.
Mozilla has acted on the issue:
https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
The weird thing is that it's starting to appear less and less crazy to just
get rid of the CA system
..on Fri, Jan 04, 2013 at 03:09:41AM +0200, Nadim Kobeissi wrote:
Another CA has been found issuing SSL certificates for Google services.
Mozilla has acted on the issue:
https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
The weird thing is that it's
Honestly, a full and transparent audit of all CAs and vendors would be
better. If every CA had to list which sites it had issued certificates
for, a few dozen would probably shake out with fake certs for Google or
Apple.
I don't think Convergence is the solution, unfortunately.
~Griffin
On
Nadim,
I think it's about time to have CAs be peer accredited institutes
(EFF/tor/access now/my brother's sister's cousin/ whoever) issuing free
or at least at cost certs. That being said, I don't think certs are very
good at preventing mitm anyway, that might be the case if a majority of
users
On Thu, Jan 3, 2013 at 5:26 PM, Ruben Bloemgarten ru...@abubble.nl wrote:
you don't know who I am, but only we know what we're telling each other.
So essentially you and Nadim are arguing that, since CAs fail some of the
time, we should get rid of the whole system and end up in the same
One point: Most of the Iranian banks have bought SSL certification from
TurkTrust.
On 4 Jan 2013, at 01:41, Collin Anderson col...@averysmallbird.com wrote:
On Thu, Jan 3, 2013 at 5:26 PM, Ruben Bloemgarten ru...@abubble.nl wrote:
you don't know who I am, but only we
On 01/04/2013 02:41 AM, Collin Anderson wrote:
On Thu, Jan 3, 2013 at 5:26 PM, Ruben Bloemgarten ru...@abubble.nl wrote:
you don't know who I am, but only we know what we're telling each
other.
So essentially you and Nadim are arguing that, since CAs fail