[Noisebridge-discuss] New SSL key for noisebridge

Christie Dudley longobord at gmail.com
Wed Jan 28 23:16:43 UTC 2009


On Wed, Jan 28, 2009 at 2:53 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:

> Hi,
>
> If it isn't clear, I think that (SSL/X.509) commercial certificate
> signing is a total racket. It's dominated by a bunch of cartels (such as
> Verisign) who pay big bucks to get their root into browsers and into
> shipping operating systems. The certification processes are flawed and
> they speak nothing of trust in a meaningful way.


Perhaps this is really bikeshedding but...  That reminds me of the bond
insurance crisis that happened last fall, where organizations (often cities,
churches, schools, etc.) paid millions to improve the ratings of bonds they
issued only to have the companies that back them up (like AIG)
catastrophically downgrade them by having their own credibility degraded.
Bonds issued wound up being close to worthless.  A lot of public works
projects got the plug pulled while taxpayers wound up having to foot the
bill because of all these expensive, useless policies.

> I think that if we're going to keep playing "use-certs-signed-by-a-ca"
> we should use CA Cert:
> http://www.cacert.org/
>

> Unless we want to give the cartels money to tell us that we're safe when
> there's next to nothing backing it up, I suggest we go with CA Cert.


Sounds wise to me.

Christie
-- 
I've had a lot of regrets in my life, but most of them have to do with
things I never tried.