Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

Gregory Edigarov greg at bestnet.kharkov.ua
Mon Sep 12 15:04:59 UTC 2011


On Mon, 12 Sep 2011 07:53:57 -0700
Michael Thomas <mike at mtcc.com> wrote:

> Randy Bush wrote:
> >> But Gregory is right, you cannot really trust anybody completely.
> >> Even the larger and more respectable commercial organisations will
> >> be unable to resist <insert intel organisation here> when they ask
> >> for dodgy certs so they can intercept something..
> >>
> >> No, as soon as you have somebody who is not yourself in control
> >> without any third party verifiably independent oversight then you
> >> have to carefully define what you mean by trust.
> > 
> > i am having trouble with all this.  i am supposed to only trust
> > myself to identify citibank's web site?  and what do i smoke to get
> > that knowledge?  let's get real here.
> > 
> > with dane, i trust whoever runs dns for citibank to identify the
> > cert for citibank.  this seems much more reasonable than other
> > approaches, though i admit to not having dived deeply into them all.
> 
> It seems to me that this depends a lot on how much you can tolerate
> single points of failure. The current de-trusting is certainly going
> to cause trouble for whoever used that CA, but the internet didn't
> roll over and die either. If the root DNS keys were compromised in an
> all DNS rooted world... unhappiness would ensue in great volume.
> 
> Mike, poison and choices...
> 
let me state clearly what I am writing about:
ok, suppose there is a site on the internet that has a certificate
issued by one of the major CAs. how could one know that the certificate
wasn't issued to a forged identity?



