[SSL Observatory] SSL CA compromise in the wild

Chris Palmer chris at eff.org
Wed Mar 23 09:28:31 PDT 2011


On 03/23/2011 08:52 AM, Matt McCutchen wrote:

> The SSH "model" is a cop-out.

Its problems are significantly less bad than the status quo. Right now,
anyone who controls any one of the 1,400+ signing certificates (~650
organizations, many of them proven not to practice even basic sanity
checking on what they sign, and now at least one affirmatively pwned)
can own the entire internet.

Obviously, The True Internet Authentication Scheme will be better than
SSH. But we could do a lot worse than adopting the SSH model in the
medium term.


-- 
Chris Palmer
Technology Director, Electronic Frontier Foundation
https://www.eff.org/code


