The state-level attack on the SSL CA security model

Dorn Hetzel dorn at
Fri Mar 25 11:24:20 CDT 2011

Not entirely unreasonable.  A button for "friend" and then one for "trusted
friend" :)

On Fri, Mar 25, 2011 at 12:19 PM, Akyol, Bora A <bora at> wrote:

> One could argue that you could try something like the facebook model (or
> facebook itself). I can see it coming.
> Facebook web of trust app ;-)
> -----Original Message-----
> From: Valdis.Kletnieks at [mailto:Valdis.Kletnieks at]
> Sent: Friday, March 25, 2011 9:05 AM
> To: Akyol, Bora A
> Cc: Dobbins, Roland; nanog group
> Subject: Re: The state-level attack on the SSL CA security model
> On Fri, 25 Mar 2011 08:36:12 PDT, "Akyol, Bora A" said:
> > Is it far fetched to supplement the existing system with a reputation
> > based  model such as PGP? I apologize if this was discussed before.
> That would be great, if you could ensure the following:
> 1) That Joe Sixpack actually knows enough somebodies who are trustable to
> sign stuff. (If Joe doesn't know them, then it's not a web of trust, it's
> just the same old CA).
> 2) That Joe Sixpack doesn't blindly sign stuff himself (I've had to on
> occasion scrape unknown signatures off my PGP key on the keyservers, when
> people I've never heard of before have signed my key "just because somebody
> they recognized signed it").
> The PGP model doesn't work for users who are used to clicking everything
> they see, whether or not they really should...

More information about the NANOG mailing list