[linux-elitists] SSL security certificates

billy@damaged-world.net billy@damaged-world.net
Mon Apr 14 00:50:41 PDT 2003


On Fri, Apr 11, 2003 at 08:47:41AM -0700, Aaron T Porter wrote:
> On Fri, Apr 11, 2003 at 12:58:30AM -0700, billy@damaged-world.net wrote:
> > > 	But I'm not asking you to blindly trust me. The goal is to find
> > > people you trust (both in their identity and in their judgement) who will
> > > separately vouch for both my identity and my good intentions.
> > 	We're not talking about something used to secure email, a chat
> > 	session, or a VoIP call. We're talking about a freaken WEB
> > 	SERVER CERTIFICATE. 
> 	That's exactly what we're talking about. Web server certs are only
> the most well known use.
> 	http://www.google.com/search?q=smtp+tls
> 	http://www.google.com/search?q=imap+ssl

	IMAP doesn't need/require/utilize a web of trust. It is *me*
	saying "hey, you wanna use my fucking IMAP server, here's the
	fucking certificate". You know what? My IMAP server (for a
	different address) listens only on the SSL port. And it talks to
	Mutt and Netscape just fine with a self-signed certificate. 

	As for SMTP, it's the same fucking issue as a web server. I
	don't know you, you don't (can't) know me. So you want to refuse
	mail from me because I'm not in your web of trust? Or do you
	want me to refuse email from you because you're not in mine? 

	And yes, I realize that the same certificate (or rather the same
	kind of key) can be used for email, or any other use. It's not.
	People do not, and will not encrypt. Key management is a PITA,
	and if it's not, it's useless. 

-- 
[rock] "is sung, played, and written for the most part by cretinous goons. By 
means of its almost imbecilic reiteration it manages to be the martial music 
of every sideburned delinquent on the face of the earth." 
--Frank "Boring old fart" Sinatra. 
