[linux-elitists] SSL security certificates

billy@damaged-world.net billy@damaged-world.net
Thu Apr 10 17:57:48 PDT 2003

On Thu, Apr 10, 2003 at 07:46:53PM -0500, John Bethencourt wrote:
> On Thu, Apr 10, 2003 at 05:36:01PM -0700, billy@damaged-world.net wrote:
> > 	The "web of trust" is even more broken than the Thawte/Verisign
> > 	scam. 
> > 	Once you start delegating assurances like this, you've fucked 
> > 	yourself.
> > 	No one in their right mind would trust it more than they would a
> > 	self-signed certificate. 
> Raph Levien has put some thought into this. In the analysis of his
> protocols, he classifies people (public keys) into three groups, `good',
> `malicious', and `confused'. Good and confused nodes never do anything
> bad directly, but a confused node may sign the key of a malicious node.

	"Good" in what sense? Good as in they understand what a
	key signature *means*, or good as in they desire to do the right

