[linux-elitists] SSL security certificates
Mon Apr 14 00:50:41 PDT 2003
On Fri, Apr 11, 2003 at 08:47:41AM -0700, Aaron T Porter wrote:
> On Fri, Apr 11, 2003 at 12:58:30AM -0700, firstname.lastname@example.org wrote:
> > > But I'm not asking you to blindly trust me. The goal is to find
> > > people you trust (both in their identity and in their judgement) who will
> > > seperately vouch for both my identity and my good intentions.
> > We're not talking about something used to secure email, a chat
> > session, or a VoIP call. We're talking about a freaken WEB
> > SERVER CERTIFICATE.
> That's exactly what we're talking about. Web server certs are only
> the most well known use.
Imap doesn't need/require/utilize a web of trust. It is *me*
saying "hey, you wanna use my fucking IMAP server, here's the
fucking certificate". You know what? My IMAP server (for a
different address) listens only on the SSL port. And it talks to
Mutt and Netscape just fine with a self-signed certificate.
As for SMTP, it's the same fucking issue as a web server. I
don't know you, you don't (can't) know me. So you want to refuse
mail from me because I'm not in your web of trust? Or do you
want me to refuse email from you because you're not in mine?
And yes, I realize that the same certificate (or rather the same
kind of key) can be used for email, or any other use. It's not.
People do not, and will not encrypt. Key management is a PITA,
and if it's not, it's useless.
[rock] "is sung, played, and written for the most part by cretinous goons. By
means of its almost imbecilic reiteration it manages to be the martial music
of every sideburned delinquent on the face of the earth."
--Frank "Boring old fart" Sinatra.
More information about the linux-elitists