Tobias Rapp wrote:
> I guess the centralized trust model of SSL has been a known problem
> for ages. Don't understand why they try to make so much noise about
> it now. 

Probably because it was a Government attack, those fraudulent 
certificates have been already rejected. But wait ICS currently 
doesn't support revocation lists, neither locally stored nor 
dynamically over the internet.  

> IMO the problem of the alternative model (web of trust) is
> that it lacks the "cash cow" properties and thus is less appealing to
> certificate authorities. 

I do not agree, a secret service is able to get fraudulent certificates
from a web of trust as well. All they have to do is forge dokuments.  

Arno Garrels
To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at

Reply via email to