OT: problems with the X.509 PKI business [was: Re: Gcrypt-devel Digest, Vol 66, Issue 5]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Jul 25 04:07:30 CEST 2010

On 07/24/2010 06:37 AM, Milo wrote:
> On 07/24/2010 10:36 AM, gcrypt-devel-request at gnupg.org wrote:
>>> A counterpoint would be that the whole X.509 PKI business is entirely
>>> broken and does not provide any security at all.
>> agreed, sadly.

> "whole X.509 PKI business is broken and does not provide any security at
> all" - very interesting statement. Could you elaborate on that?

For one example, X.509 sets up a situation that encourages centralized,
hierarchical reliance on an unaccountable cabal of Certificate Authorities:



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 892 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100724/3b432713/attachment.pgp>

More information about the Gcrypt-devel mailing list