[SSL Observatory] Witnessed Google certificate change again (includes details like certs, CRL...)

ArkanoiD ark at eltex.net
Wed Jan 19 23:05:06 PST 2011


I agree. So "volatile" certificates are evil, as they break any workaround we may design to move away from the current flawed trust model.
At least any of those that do not require rebuilding Internet PKI from scratch, limiting the trust domain for each authority.

On Wed, Jan 19, 2011 at 04:00:40PM -0800, Chris Palmer wrote:
> 
> I want to limit the extent to which we trust crypto and in particular I reject the trusted third party model because third parties tend not to be/cannot be trustworthy from the point of view of parties 1 and 2 (at least not at the same time). Therefore I want SSH-style host authentication only (persistence of cryptographic pseudonym), or any other system with no third party. Andy, as a site operator, wants the flexibility to change cryptographic identities while maintaining a constant real-world identity, and TTPs are one way to get that feature.
> 



