The state-level attack on the SSL CA security model

Steven Bellovin smb at cs.columbia.edu
Sat Mar 26 12:48:27 CDT 2011


On Mar 26, 2011, at 12:21 12AM, Franck Martin wrote:

> 
> 
> On 3/26/11 15:36 , "Joe Sniderman" <joseph.sniderman at thoroquel.org> wrote:
> 
>> On 03/25/2011 11:12 PM, Steven Bellovin wrote:
>>> 
>>> On Mar 25, 2011, at 12:19 52PM, Akyol, Bora A wrote:
>>> 
>>>> One could argue that you could try something like the facebook
>>>> model (or facebook itself). I can see it coming. Facebook web of
>>>> trust app ;-)
>>>> 
>>> Except, of course, for the fact that people tend to have hundreds of
>>> "friends", many of whom they don't know at all, and who achieved that
>>> status simply by asking.  You need a much stronger notion of
>>> interaction, to say nothing of what the malware in your "friends'"
>>> computers is doing to simulate such interaction.
>> 
>> Then again there are all the "friend us for a chance to win $prize"
>> gimmicks... not a far jump to "friend us, _with trust bits enabled_ for
>> a chance to win $prize"
>> 
>> Yeah sounds like a wonderful idea. :P
> 
> Wasn't PGP based on a web of trust too?
> 
Yes -- see Valdis' posting on that: http://mailman.nanog.org/pipermail/nanog/2011-March/034651.html


		--Steve Bellovin, http://www.cs.columbia.edu/~smb