OT: problems with the X.509 PKI business [was: Re: Gcrypt-devel Digest, Vol 66, Issue 5]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sun Jul 25 04:07:30 CEST 2010
On 07/24/2010 06:37 AM, Milo wrote:
> On 07/24/2010 10:36 AM, gcrypt-devel-request at gnupg.org wrote:
>
>>> A counterpoint would be that the whole X.509 PKI business is entirely
>>> broken and does not provide any security at all.
>>
>> agreed, sadly.
>
> "whole X.509 PKI business is broken and does not provide any security at
> all" - very interesting statement. Could you elaborate on that?

For one example, X.509 sets up a situation that encourages centralized,
hierarchical reliance on an unaccountable cabal of Certificate Authorities:

http://lair.fifthhorseman.net/~dkg/tls-centralization/

--dkg