[linux-elitists] SSL security certificates
Thu Apr 10 17:36:01 PDT 2003
On Thu, Apr 10, 2003 at 03:52:01PM -0700, Aaron T Porter wrote:
> On Thu, Apr 10, 2003 at 03:30:52PM -0700, Rick Moen wrote:
> > And before someone suggests it yet again: The biggest reason there
> > isn't a cheap or free geek collective to run a certificate authority
> > with the aim of getting it included in common Web browsers is legal
> > liability.
> While being included in common web browsers may not be a
> reasonable/desirable goal, I have been thinking about setting up a "free
> geek collective" certificate authority.
> What I'm imagining is a system that uses a PGP/GPG ring of trust
> to establish identity and then building some sort of a "Six Degrees"
> social network to establish the validity of a certificate request. I'm
> still not 100% certain that a reliable network of trusted friends would be
> large enough to be of general use or if opening a private group certificate
> authority to the public is a fantastic idea, but I think it might work.
The "web of trust" is even more broken than the Thawte/Verisign
Once you start delegating assurances like this, you've fucked
No one in their right mind would trust it more than they would a
"Fiat justitia et ruat caelum"
(Let justice be done though the heavens fall.)
--legal maxim originating with the Senate of Rome.