[oss-security] Re: 0xdeadbeef comes of age: making keysteak with GnuPG
flapflap
flapflap at riseup.net
Fri Oct 10 20:45:24 CEST 2014
Daniel Kahn Gillmor:
> On 10/10/2014 12:23 PM, Daniel Kahn Gillmor wrote:
>> On 10/10/2014 12:01 PM, David Leon Gil wrote:
>>>> (While I know that if a root CA were caught intentionally issuing an
>>>> MitM cert for keybase.io or pgp.mit.edu would face likely
>>>> delisting/bankruptcy.)
>> I'd like to believe that also, but i think that some of the members of
>> the CA cartel might be "too big to fail" in the current infrastructure.
>> There's no chance that the CA will go bankrupt if they aren't delisted
>> (since the CA market is a lemon market), and every web site certified by
>> the bigger CAs has an incentive to argue against that CA's delisting
>> (because it will break their web site).
>
> And, even when we can burn a small CA, the larger organization often
> carries on unharmed:
>
> http://www.links.org/?p=1268
>
> --dkg
if interested, see also
https://en.wikipedia.org/wiki/Comodo_Group#Controversies
and about the first 12min of Moxie Marlinspike's talk (regarding COMODO)
https://www.youtube.com/watch?v=Z7Wl2FW2TcA
~flapflap
More information about the Gnupg-devel mailing list