Re: Web of Trust (a revolution)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Mar 31, 2009 at 12:27:08 +0100,
  Bill Crawford <billcrawford1970@xxxxxxxxx> wrote:
> On Monday 30 March 2009 20:12:45 Bruno Wolff III wrote:
> 
> > CAs that charge extra in order to sign certs that have flag set to
> > indicate that they can sign other certs in subdomains should be boycotted.
> 
> This is actually a rotten idea. If you need internal testing systems, or to 
> dynamically create them as needed, or you want to run shared hosting using SSL 
> (as we do for internal testing, since our application requires SSL enabled) 
> then being able to sign your own sub-domains and / or have a wildcard are 
> pretty much essential.

I was complaining about ripping people off by charging exhorbitant amounts
for signing keys, not that people / orgs shouldn't be able to get them.
Verisign does that to protect revenue, not for security reasons.

> > Sites with self signed certs that prevent passive snooping get treated as
> > the same as going to a site without ssl and not triggering all sorts of
> > inappropriate warnings that look scary and make people jump through hoops
> > to bypass them.
> 
> That's a separate issue; it's a pain, but if a "root" CA updates their keys at 
> any point, older browsers / operating systems may well experience a period 
> of "messages popping up telling me they can't verify the certificate" ...

The procedure would be (in a web of trust model) to sign the the new key
with the old key before it expired so that people would normally see the
new key and save it while the old key is still valid.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux