No argument about that at all.

Owen

On Jun 7, 2012, at 2:26 PM, Matthew Kaufman wrote:

> It also allows them to sign anyone they want as someone pretending to be you,
> but with a different key pair.
>
> Just like the DMV could, if it wanted to (or was ordered to) issue a driver's
> license with my name and DL number but an FBI agent's photo and thumbprint
> associated.
>
> You'd want your logins to be at sites that only trusted CAs that you trusted
> to not do this... for HTTPS we're already way over that line I'm afraid.
>
> Matthew Kaufman
>
> (Sent from my iPhone)
>
> On Jun 7, 2012, at 1:18 PM, Owen DeLong <o...@delong.com> wrote:
>
>> A proper CA does not have your business or personal keys, they merely
>> sign them and attest to the fact that they actually represent you. You are
>> free to seek and obtain such validation from any and as many parties as
>> you see fit.
>>
>> At no point should any CA be given your private key data. They merely
>> use their private key to encrypt a hash of your public key and other data
>> to indicate that your private key is bound to your other data.
>>
>> You trust DMV/Passport Agency/etc. to validate your identity in the form
>> of your government issued ID credentials, right?
>>
>> That doesn't give DMV/Passport Agency/etc. control over your face, but,
>> it does allow them to indicate to others that your face is tied to your
>> name, date of birth, etc.
>>
>> Owen
>>
>> On Jun 7, 2012, at 1:04 PM, -Hammer- wrote:
>>
>>> I gotta agree with Aaron here. What would be my motivation to "trust" an
>>> open and public infrastructure? With my business or personal keys?
>>>
>>> -Hammer-
>>>
>>> "I was a normal American nerd"
>>> -Jack Herer
>>>
>>> On 6/7/2012 2:37 PM, Aaron C. de Bruyn wrote:
>>>> On Thu, Jun 7, 2012 at 12:24 PM, Owen DeLong<o...@delong.com> wrote:
>>>>>> Heck no to X.509. We'd run into the same issue we have right now--a
>>>>>> select group of companies charging users to prove their identity.
>>>>> Not if enough of us get behind CACERT.
>>>> Yet again, another org (free or not) that is holding my identity hostage.
>>>> Would you give cacert your SSH key and use them to log in to your
>>>> Linux servers? I'd bet most *nix admins would shout "hell no!"
>>>>
>>>> So why would you make them the gateway for your online identity?
>>>>
>>>> -A
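Added example, not part of the thread and not written by any of its participants: a toy model of the two points above, that a CA signs only a subject's public key, and that the same CA can sign the same name over a different key pair. The key-fingerprint pin in `accept` is an assumption that goes beyond the thread; the names, the textbook-RSA scheme and the small Mersenne-prime keys are constructed for illustration and are not secure.

```python
import hashlib

E = 65537

def make_key(p, q):
    """Toy textbook-RSA key pair from two primes (constructed, insecure sizes)."""
    return {"pub": (p * q, E), "priv": pow(E, -1, (p - 1) * (q - 1))}

def tbs(name, subject_pub):
    """Bytes the CA signs: the subject name plus the subject's PUBLIC key only."""
    return f"{name}|{subject_pub[0]}|{subject_pub[1]}".encode()

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(ca, name, subject_pub):
    """The CA binds name -> public key using the CA's own private key."""
    n, _ = ca["pub"]
    sig = pow(digest(tbs(name, subject_pub), n), ca["priv"], n)
    return {"name": name, "pub": subject_pub, "sig": sig}

def chain_ok(cert, ca_pub):
    """Verify the CA signature; this says nothing about WHICH key was signed."""
    n, e = ca_pub
    return pow(cert["sig"], e, n) == digest(tbs(cert["name"], cert["pub"]), n)

def pin(pub):
    """Fingerprint of a public key, recorded by the relying party out of band."""
    return hashlib.sha256(f"{pub[0]}|{pub[1]}".encode()).hexdigest()

def accept(cert, ca_pub, expected_name, pinned):
    """Relying-party check: CA signature, name and pinned key must all match."""
    return (chain_ok(cert, ca_pub) and cert["name"] == expected_name
            and pin(cert["pub"]) == pinned)

# Constructed sample data: Mersenne primes as toy key material.
CA = make_key(2**89 - 1, 2**107 - 1)
OWNER = make_key(2**31 - 1, 2**61 - 1)
OTHER = make_key(2**17 - 1, 2**19 - 1)   # different key pair, same claimed name

genuine = issue(CA, "owner.example", OWNER["pub"])   # CA never sees OWNER["priv"]
second = issue(CA, "owner.example", OTHER["pub"])    # equally valid to the CA chain
PINNED = pin(OWNER["pub"])

if __name__ == "__main__":
    for label, cert in (("genuine", genuine), ("second", second)):
        print(label, "chain_ok:", chain_ok(cert, CA["pub"]),
              "accept:", accept(cert, CA["pub"], "owner.example", PINNED))
```

Both certificates pass the CA signature check; only the comparison against a key the relying party already knows tells them apart.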