LinkedIn password database compromised

Joe Maimon jmaimon at ttec.com
Fri Jun 8 21:32:51 UTC 2012



David Walker wrote:

> Self signed certificates does sound great and for most purposes,
> certainly in this case, fulfills all the requirements. There's no need
> to verify anything about me is correct other than to tie my
> authentication to my account. If I fail to meet the TOS then the plug
> is easily pulled and any further activity can be dealt with as it
> currently is by other means. I think there's enough risk in bringing
> in a CA and so little advantage that it's wrong.
>


If LinkedIn or facebook or any large social site were to implement x509, 
they would be silly not to cast themselves as the trusted root.

a) its better than self signed

b) now they are an x509 identify provider




More information about the NANOG mailing list