[linux-elitists] SSL security certificates

billy@damaged-world.net billy@damaged-world.net
Fri Apr 11 00:58:30 PDT 2003


On Thu, Apr 10, 2003 at 06:58:44PM -0700, Aaron T Porter wrote:
> On Thu, Apr 10, 2003 at 05:55:18PM -0700, billy@damaged-world.net wrote:
> > Encryption and identity assertions are really only needed when talking to
> > strangers or over untrusted networks. (modulo storage, a separate
> > discussion).
> 	The internet is an untrusted network, in many countries downright
> hostile sometimes.

	Really? I never would have guessed. 

> > If I know you, PGP is fine. However, if I know your brother's friend's dope
> > dealer, there is absolutely 0 assurance you are who you say you are. 
> 	Right, the premise is that within $n levels (probably where you
> have $n <= 3) of my key, you'll find signatures that you can give a very
> high trust rating. Probably more like $n < 2.

	Exactly. 

> > *YOU* may be willing to delegate your trust, but there is absolutely no
> > reason for *me* to trust your trust, much less the delegation of that trust. 
> 	But I'm not asking you to blindly trust me. The goal is to find
> people you trust (both in their identity and in their judgement) who will
> separately vouch for both my identity and my good intentions.

	We're not talking about something used to secure email, a chat
	session, or a VoIP call. We're talking about a freaken WEB
	SERVER CERTIFICATE. 

	I'll bet there's a strong correlation between a person's age and
	their belief in a web of trust. 

-- 
[rock] "is sung, played, and written for the most part by cretinous goons. By 
means of its almost imbecilic reiteration it manages to be the martial music 
of every sideburned delinquent on the face of the earth." 
--Frank "Boring old fart" Sinatra. 


