Re: Web of Trust (a revolution)

Bill Crawford wrote:
> On Monday 30 March 2009 20:12:45 Bruno Wolff III wrote:
>> On Mon, Mar 30, 2009 at 13:46:02 -0400,
>> Todd Denniston <Todd.Denniston@xxxxxxxxxxxxxxxxxx> wrote:
>>> i.e., sure all the root CA's that the browser producers want to include
>>> can come in, but they should have trust DBs that allow each user to tick:
>>> * Never trust this key. (and by extension anything it has signed. Perhaps
>>> with a pop up indicating 'the sig is ok, according to bla, but bla is a
>>> known idiot.')
>>> * Marginal trust. (pop up something saying 'the sig is ok, according to
>>> bla, but you are uncomfortable with bla.')
>>> * Fully trust. (operate as CA's in web browsers since they started
>>> getting CA's.)
>>>
>>> And by default (as released by the browser producers) the keys should be
>>> set to either Never or Marginal.
>>
>> I'd rather see more of a web of trust type model. Right now you can only
>> have one chain of certificates. So you can't have a cert signed by multiple
>> roots.
>
> Ought to be possible for people to visit companies' offices and sign their keys, and add them to the "web of trust" as per PGP / GPG keys. No idea if / how that should be done, in practice, though.

Difficult at best, who wants to trust a faceless corporation? Not to be cynical but you might trust the receptionist but what about the IT dept? Are they competent? Money is no guarantee of anything, in fact the larger the company the more likely they will let something slip through the cracks. Companies all say they are secure and trustworthy, but who is hiring these people? Are there background checks? Should there be? Probably they outsource that and then you have to see if you can trust that company too. The main problem is that so much gets outsourced so dept head A doesn't have to worry about it but who is checking that this other company is doing it right? It's an endless cycle of paranoia.



--
"Any fool can know. The point is to understand" --Albert Einstein

Bored??
http://fiction.wikia.com/wiki/Fuqwit1.0

http://fiction.wikia.com/wiki/Coding_the_Magic_into_the_Eight_Ball

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines