[SSL Observatory] Number of CAs

Phillip Hallam-Baker hallam at gmail.com
Wed Dec 7 18:27:59 PST 2011 

If you think 50 CAs is too many then make your case based on the number
there is support for rather than inflating it.

On Wed, Dec 7, 2011 at 4:09 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net>wrote:

> On 12/07/2011 03:43 PM, Phillip Hallam-Baker wrote:
> > What the CAs are willing to do and what they can do are likely to be two
> > different things.
> >
> > The problem that comes up is that if CA X has created an intermediary for
> > an external organization it is going to be for a customer. That customer
> > relationship is going to be governed by a contract and the terms of that
> > agreement may not have anticipated revealing the information at issue.
>
> The trouble appears to be that the people put at risk by these secret
> intermediaries are the relying parties, who are not the CA's customers.
>
> It sounds to me like you're saying the incentives underlying the CA
> model are fundamentally broken, but it's possible that i'm just
> projecting what i already believe onto your statement.
>
> Do you think the incentives underlying the current CA model are broken?
>
> > I expect this to be fixed, but fixing it is far from simple.
>
> Does your expectation of a fix include a realignment of the incentives?
>  If so, I'm sure i'm not the only person on this list who would be
> interested in hearing the details.
>
> I appreciate your willingness to engage in constructive dialog in public
> about how to address these problems.  It's commendable, and i wish more
> CA representatives were as willing to confront the situation.
>
> Regards,
>
>        --dkg
>
> PS i consider haggling over whether there are 50 possible weakest-links
> or 650 possible weakest-links to be kind of a distraction.  Even 50 is
> still far too large for a weakest-link component in a system, and of
> course i (and everyone else, ttbomk) actually have no idea how many
> not-publicly-visible intermediate CAs might already exist.  But I'd be
> willing to pretend that the number is 50 if it meant we could focus
> discussion on the systemic issues instead of on the count.
>
>


-- 
Website: http://hallambaker.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/observatory/attachments/20111207/c0763c31/attachment.html>

More information about the Observatory mailing list