[linux-elitists] SSL security certificates

John Bethencourt bethenco@upl.cs.wisc.edu
Thu Apr 10 17:46:53 PDT 2003


On Thu, Apr 10, 2003 at 05:36:01PM -0700, billy@damaged-world.net wrote:
> 
> 	The "web of trust" is even more broken than the Thawte/Verisign
> 	scam. 
> 
> 	Once you start delegating assurances like this, you've fucked 
> 	yourself.
> 
> 	No one in their right mind would trust it more than they would a
> 	self-signed certificate. 

Raph Levien has put some thought into this. In the analysis of his
protocols, he classifies people (public keys) into three groups, `good',
`malicious', and `confused'. Good and confused nodes never do anything
bad directly, but a confused node may sign the key of a malicious node.

John Bethencourt
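
An added illustration of the three-class model described in the reply above (not part of the original message, and not Raph Levien's protocol): a constructed signature graph in which naive transitive trust accepts every malicious key through one confused signer. The key names, the graph, and the function names are hypothetical.

```python
from collections import deque

# Constructed sample data: each key's class, using the three classes from the post.
LABEL = {"me": "good", "alice": "good", "bob": "good", "dave": "good",
         "carol": "confused",
         "mallory": "malicious", "sybil1": "malicious", "sybil2": "malicious"}

# Constructed certification graph: signer -> keys it has signed.
SIGS = {
    "me": ["alice", "bob"],
    "alice": ["carol", "dave"],
    "bob": ["dave"],
    "carol": ["mallory"],               # the confused node's one mistake
    "mallory": ["sybil1", "sybil2"],    # malicious keys sign each other freely
    "sybil1": ["sybil2"],
}

def accepted(seed, sigs, max_depth=None):
    """Keys reachable from seed by following signatures (naive transitive trust)."""
    depth = {seed: 0}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        if max_depth is not None and depth[node] >= max_depth:
            continue  # path-length limit: do not follow this key's signatures
        for signed in sigs.get(node, []):
            if signed not in depth:
                depth[signed] = depth[node] + 1
                queue.append(signed)
    return set(depth)

def bad_accepted(seed, sigs, label, max_depth=None):
    """Malicious keys that the seed ends up accepting."""
    return sorted(k for k in accepted(seed, sigs, max_depth)
                  if label[k] == "malicious")

def attack_edges(sigs, label):
    """Signatures made by a non-malicious key over a malicious key."""
    return [(s, t) for s, targets in sigs.items() for t in targets
            if label[s] != "malicious" and label[t] == "malicious"]

if __name__ == "__main__":
    print("malicious keys accepted:", bad_accepted("me", SIGS, LABEL))
    print("entry points:", attack_edges(SIGS, LABEL))
    print("with max_depth=2:", bad_accepted("me", SIGS, LABEL, max_depth=2))
```

In this graph the only route from good keys to malicious ones is the single signature made by the confused key, so the damage depends on how the metric treats that one edge rather than on how many keys the malicious party creates behind it.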


