[prev in list] [next in list] [prev in thread] [next in thread] 

List:       twsocket
Subject:    Re: [twsocket] [OT] Re: SSL broken?
From:       "Arno Garrels" <arno.garrels () gmx ! de>
Date:       2011-03-26 18:47:17
Message-ID: C702E4BBC7B74A3BA7C8C61D14DED600 () asus
[Download RAW message or body]

Tobias Rapp wrote:
> I guess the centralized trust model of SSL has been a known problem
> for ages. Don't understand why they try to make so much noise about
> it now. 

Probably because it was a Government attack, those fraudulent 
certificates have been already rejected. But wait ICS currently 
doesn't support revocation lists, neither locally stored nor 
dynamically over the internet.  

> IMO the problem of the alternative model (web of trust) is
> that it lacks the "cash cow" properties and thus is less appealing to
> certificate authorities. 

I do not agree, a secret service is able to get fraudulent certificates
from a web of trust as well. All they have to do is forge dokuments.  

-- 
Arno Garrels
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
[prev in list] [next in list] [prev in thread] [next in thread]