Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

Michael Thomas mike at mtcc.com
Mon Sep 12 14:53:57 UTC 2011

Randy Bush wrote:
>> But Gregory is right, you cannot really trust anybody completely. Even
>> the larger and more respectable commercial organisations will be
>> unable to resist <insert intel organisation here> when they ask for
>> dodgy certs so they can intercept something..
>> No, as soon as you have somebody who is not yourself in control
>> without any third party verifiably independent oversight then you have
>> to carefully define what you mean by trust.
> i am having trouble with all this.  i am supposed to only trust myself
> to identify citibank's web site?  and what to i smoke to get that
> knowledge?  let's get real here.
> with dane, i trust whoever runs dns for citibank to identify the cert
> for citibank.  this seems much more reasonable than other approaches,
> though i admit to not having dived deeply into them all.

It seems to me that this depends a lot on how much you can tolerate single
points of failure. The current de-trusting is certainly going to cause trouble
for whoever used that CA, but the internet didn't roll over and die either.
If the root DNS keys were compromised in an all DNS rooted world... unhappiness
would ensue in great volume.

Mike, poison and choices...

More information about the NANOG mailing list