On 2013-12-16 15:31, Phillip Hallam-Baker wrote: > > > > On Mon, Dec 16, 2013 at 1:32 AM, Leif Johansson <le...@mnt.se > <mailto:le...@mnt.se>> wrote: > > > > 16 dec 2013 kl. 03:21 skrev Phillip Hallam-Baker <hal...@gmail.com > <mailto:hal...@gmail.com>>: > >> >> >> >> On Sun, Dec 15, 2013 at 8:50 PM, Tao Effect >> <cont...@taoeffect.com <mailto:cont...@taoeffect.com>> wrote: >> >>> And for someone who is accusing others of being >>> 'fraudulent', not a good move to start off repeating figures >>> already exposed as bogus like the oft repeated but still >>> untrue claim of 600 CAs. >> >> I thought the EFF was a reputable source. >> >> There has been no update or correction to their >> post: https://www.eff.org/deeplinks/2011/10/how-secure-https-today >> >> >> Which kind of calls their credibility into question. HALF the >> 'CAs' in their graph are from the DFN root. You can check that >> out for yourself, it is a German CA that issues certs to higher >> education institutions. As has been demonstrated (and agreed by >> the EFF people), DFN do not sign certs for key signing keys they >> do not hold. >> > > yep, DFN is a 'private' sub-CA under tight control but it could > still be attacked the way diginotar was and though I believe their > secuity is a lot better than their less fortunate Dutch cousins, a > successful attack would be just as bad. > > > > That does not excuse > > 1) Failing to examine the issue when the DFN root accounted for half > of the purported '600 CAs' > > 2) Continuing to count the DFN as 300 CAs when they know it is one. >
agree > > Putting out sloppy research and then failing to correct it when a > mistake is committed is the problem. If someone publishes a flawed > study I expect them to withdraw it when the errors are pointed out. I > don't expect them to say that they are going to continue to publish a > number they know is out by a factor of at least 2 because getting a > correct number would be too much work. > > If people are going to make pointed accusations about the > trustworthiness of others then they had better not continue to > knowingly publish false data. > > > As with the 'Al Gore claimed to invent the internet' lie, this has > become a zombie lie that is repeated to make a political point by > people who don't really care if what they are saying is true or not. > > I think that is a problem. And I am going to continue to point out > that the EFF is peddling a lie until they withdraw it. > > -- > Website: http://hallambaker.com/
_______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey