On 12/12/10 10:22 AM, MFPA wrote:
> On Saturday 11 December 2010 at 7:55:25 PM, in
> <mid:4d03d72d.1000...@adversary.org>, Ben McGinnes wrote:
>
>> I don't really want to hijack my own thread, but I've
>> always been deeply suspicious of the obvious money grab
>> of the CA system of (mainly website) SSL certificates
>> and I think alternatives are worth exploring.
>
> A question on the subject of SSL/TLS certificates and HTTPS: often
> there is no user requirement to "authenticate" the identity of the
> server, but rather a simple requirement to prevent snooping; why does
> this need a certificate?

SSL Certificates have nothing to do with the encryption or security and everything to do with a third party confirmation that the site is owned and operated by the organisation that it says it is. The CAs have managed to carve a nice little niche for themselves by preying on the fears of people who don't understand this and have made that a de-facto standard business practice.

Regards,
Ben

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users