[p2p-hackers] P2P Authentication
Lucas Gonze
lgonze at panix.com
Fri Oct 28 02:13:05 UTC 2005
Kerry Bonin wrote:
> Misbehaving CA proxies present no threat other than revealing of the
> CA IPs, as any peer can know immediately if a CA is valid by examining
> its certificate or the trust chain of an issued cert. If the list of
> trusted roots is distributed w/ the original application, or if the
> CAs derive from an OS installed trusted root, it is impossible to
> impersonate one without first obtaining the private keys of one of the
> CAs.
If CAs are willing to issue new certs on demand and the goal is
detecting attackers, a CA-signed certificate is the same as a
self-signed one.