LinkedIn password database compromised

-Hammer- bhmccie at gmail.com
Thu Jun 7 20:31:38 UTC 2012


Thank you for educating without insulting. Always professional Owen. 
It's appreciated.

-Hammer-

"I was a normal American nerd"
-Jack Herer



On 6/7/2012 3:18 PM, Owen DeLong wrote:
> A proper CA does not have your business or personal keys, they merely
> sign them and attest to the fact that they actually represent you. You are
> free to seek and obtain such validation from any and as many parties as
> you see fit.
>
> At no point should any CA be given your private key data. They merely
> use their private key to encrypt a hash of your public key and other data
> to indicate that your private key is bound to your other data.
>
> You trust DMV/Passport Agency/etc. to validate your identity in the form
> of your government issued ID credentials, right?
>
> That doesn't give DMV/Passport Agency/etc. control over your face, but,
> it does allow them to indicate to others that your face is tied to your
> name, date of birth, etc.
>
> Owen
>
> On Jun 7, 2012, at 1:04 PM, -Hammer- wrote:
>
>> I gotta agree with Aaron here. What would be my motivation to "trust" an open and public infrastructure? With my business or personal keys?
>>
>> -Hammer-
>>
>> "I was a normal American nerd"
>> -Jack Herer
>>
>>
>>
>> On 6/7/2012 2:37 PM, Aaron C. de Bruyn wrote:
>>> On Thu, Jun 7, 2012 at 12:24 PM, Owen DeLong<owen at delong.com>   wrote:
>>>>> Heck no to X.509.  We'd run into the same issue we have right now--a
>>>>> select group of companies charging users to prove their identity.
>>>> Not if enough of us get behind CACERT.
>>> Yet again, another org (free or not) that is holding my identity hostage.
>>> Would you give cacert your SSH key and use them to log in to your
>>> Linux servers?  I'd bet most *nix admins would shout "hell no!"
>>>
>>> So why would you make them the gateway for your online identity?
>>>
>>> -A
>>>
>>>
>




More information about the NANOG mailing list