From: Bill Klein <[EMAIL PROTECTED]>

bill> Richard Levitte wrote:
bill> >Interesting...  I don't quite understand what the preloaded root certs
bill> >have as extra value.  I for one don't really know anyone at Verisign
bill> >or Thawte, and can therefore not give them more trust than anyone else
bill> >that I know more or less nothing about.  For example, I'd rather trust
bill> >a cert for Oscar Jacobsson if it was issued by Celo Communications [1]
bill> >than if it was issued by Thawte, simply because I happen to know that
bill> >Oscar works at Celo, and Celo should at least know something more
bill> >about its employees than Thawte or Verisign ever would...

Oh, what a beautiful mixup I did there between server and client
certs!  Even got myself confused :-).  However, the fact still
remains, there's no trust path of value to me, the value of server
certs in themselves is more or less none, except to give the server
and my browser a chance to start an encrypted session, which is
probably fine for most people.  And from that point of view you're
absolutely right, the warning about an unknown CA is just an
annoyance.  But hey, it would be possible for someone to get a
perfectly legal CA cert signed by Thawte, and then use it to sign a
cert presumably for, oh say, Amazon, and thereby fool a whole bunch of
people.  And in that case, a *silent* browser is a bit more scary to
me.  Setting up a secure channel is nice enough, but authentication is
a different matter, and depending on your level of paranoia, quite a
difficult one at that.

People just don't have that clue yet...  Or maybe I'm just overly
paranoid...

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \      SWEDEN       \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis             -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
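The scenario in the message above (a subordinate CA certificate signed by a trusted root, then used to issue a certificate for a host it has nothing to do with) rebuilt with the openssl CLI, as an added example that is not part of the original mail or of the OpenSSL project. Every name in it is made up ("Example Root CA", "Someone Else Ltd CA", www.amazon.example), and chain_verifies is a helper written for this illustration only. It runs the same chain twice: once below an ordinary CA:TRUE root, where path validation accepts the forged-name leaf without a word, and once below a root carrying pathlen:0, which forbids any CA beneath it and so rejects the same leaf.

```sh
#!/bin/sh
# Added example (not from the original mail): the scenario the message
# describes, built with the openssl CLI. A trusted root signs a "perfectly
# legal" subordinate CA; the sub-CA then issues a certificate for a host it
# has no relation to, and path validation accepts it silently.
# All names and hosts are made up. Needs the openssl CLI (1.1.1 or 3.x).
set -eu

# chain_verifies ROOT_BASIC_CONSTRAINTS
# Builds root -> sub-CA -> leaf (keys and certs in a throwaway directory) and
# validates the leaf the way a browser would: only the root is trusted, the
# sub-CA is supplied as an untrusted intermediate, and the hostname must
# match. Returns 0 if the chain is accepted, 1 if it is rejected.
chain_verifies() {
    root_bc=$1
    d=$(mktemp -d)
    rc=1

    # Self-signed root, standing in for a preloaded browser root.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Root CA" \
        -keyout "$d/root.key" -out "$d/root.csr" >/dev/null 2>&1
    printf 'basicConstraints=%s\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        "$root_bc" > "$d/root.ext"
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 30 -sha256 \
        -extfile "$d/root.ext" -out "$d/root.crt" >/dev/null 2>&1

    # Subordinate CA certificate issued by the root: valid as far as the
    # chain is concerned, whoever ends up holding sub.key.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Someone Else Ltd CA" \
        -keyout "$d/sub.key" -out "$d/sub.csr" >/dev/null 2>&1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$d/sub.ext"
    openssl x509 -req -in "$d/sub.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -days 30 -sha256 -extfile "$d/sub.ext" \
        -out "$d/sub.crt" >/dev/null 2>&1

    # The sub-CA issues a leaf for a host it has nothing to do with.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.amazon.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" >/dev/null 2>&1
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:www.amazon.example\n' \
        > "$d/leaf.ext"
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/sub.crt" -CAkey "$d/sub.key" \
        -CAcreateserial -days 30 -sha256 -extfile "$d/leaf.ext" \
        -out "$d/leaf.crt" >/dev/null 2>&1

    # Browser-style validation: trust only the root, treat sub.crt as an
    # untrusted intermediate, require the name to match.
    if openssl verify -CAfile "$d/root.crt" -untrusted "$d/sub.crt" \
            -verify_hostname www.amazon.example "$d/leaf.crt" >/dev/null 2>&1; then
        rc=0
    fi
    rm -rf "$d"
    return $rc
}

# An ordinary CA:TRUE root accepts the forged-name leaf silently; a root
# with pathlen:0 refuses any CA below it, so the same leaf is rejected
# (openssl verify reports "path length constraint exceeded").
if chain_verifies "critical,CA:TRUE"; then
    echo "root CA:TRUE           -> leaf for www.amazon.example ACCEPTED"
fi
if ! chain_verifies "critical,CA:TRUE,pathlen:0"; then
    echo "root CA:TRUE,pathlen:0 -> leaf for www.amazon.example REJECTED"
fi
```

The point the run makes is the one in the message: nothing in path validation asks whether "Someone Else Ltd CA" has any business vouching for www.amazon.example, so a sub-CA certificate from a trusted root is enough to make a browser go quiet. The pathlen constraint is a control the root operator applies when issuing; the relying party only sees its effect.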
