[ncc-services-wg] Questions about the fax the RIPE NCC received from United Against Nuclear Iran (UANI).
Michael Markstaller
mm at elabnet.de
Wed Sep 19 18:21:28 CEST 2012
On 19.09.2012 17:49, Wilfried Woeber wrote:
> Michael Markstaller wrote:
> [...]
>> Anyone who thinks it's useful to talk about (long-term!) Root-CA
>> services by (RIR)/RIPE?
>
> Caveat: very personal and non-PC point of view!
>
> I consider the whole concept of tree-structured CAs an architectural failure.
> With that in mind, I do not want to see the NCC drawn into that swamp. It
> just increases the NCC's attack surface.
>

Well, let me draw a little picture of what I'd think of:

Currently:
- most "trusted" root-CAs in browsers are out of any control, that's bad, big failure (as we can see when they sell certificates to dictators for "monitoring"-purposes)
- anyone can get a cert for gurgleme.com ;)
I don't trust any of them.. And no user will ever verify fingerprints etc..

Future(?):
- After many years, only really trusted, community-controlled (in terms of what they are allowed to do) are accepted anymore, at least in sensitive environments.
- Certificates are only given out based on a (human!) decision based on policies, so if he/she is within the net, on the provider (LIR) speaking through etc..
Surely: this needs human resources but when looking at the prices of Verisign etc - these could be easily paid..

>> Instead of commercial instances that just print money and sell them in
>> case without anything (just price) to dictators like *.google.com
>
> Any attempt to manage trust as a commodity and to sell it in a competitive
> market, where the majority of customers and consumers (with a broad definition
> of both) do not understand the technology and the risks - is doomed to fail.

Isn't it somehow our job to think about how to protect the consumer from being a lemming of the industry? ;)

best regards
Michael