Tobias Rapp wrote:
> I guess the centralized trust model of SSL has been a known problem
> for ages. Don't understand why they try to make so much noise about
> it now.
Probably because it was a Government attack, those fraudulent
certificates have been already rejected. But wait ICS currently
doesn't support revocation lists, neither locally stored nor
dynamically over the internet.
> IMO the problem of the alternative model (web of trust) is
> that it lacks the "cash cow" properties and thus is less appealing to
> certificate authorities.
I do not agree, a secret service is able to get fraudulent certificates
from a web of trust as well. All they have to do is forge dokuments.
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be