[SSL Observatory] Number of CAs

Jacob Appelbaum jacob at appelbaum.net
Thu Dec 8 10:34:36 PST 2011


On 12/08/2011 09:44 AM, Ben Wilson wrote:
> I think this group needs to define the problem more accurately.  If you are
> not saying it is the sheer number of CAs, then are you saying it is an issue
> of control and auditability?  It seems that you are groping at the problem
> without clearly explaining what it is.  I think what some of you are saying
> is that you are concerned about the control over use of the CA keys that you
> trust.  If that is the issue, then it needs to be presented directly that
> way so that the solution can be directed to the problem.  It reminds me of
> the patient who expects the doctor to diagnose the illness by merely saying
> that his belly hurts.
> 

The key problem is simple to comprehend. Any party may assert truth
without any reasonable possibility for the client to know if this
assertion is not malicious.

This problem is exacerbated by the sheer number of parties who are able
to make such an assertion and their hilariously bad transparency even in
the face of total compromise.

There are other related issues.

All the best,
Jacob


