[Noisebridge-discuss] New SSL key for noisebridge
Chris Palmer
chris at noncombatant.org
Thu Jan 29 04:51:57 UTC 2009
Jacob Appelbaum writes:
> Holy no-gods! What the fuck is that?! Seriously? Is there a changelog
> entry that documents this insertion or removal?
It's been there for years, and is gone in FF 3. In the grand scheme of
things, it's no worse than having the French defense department in there
(and they are).
If anything, it's bad that they removed it: It shows that someone did
finally look, and they affirmatively thought it's ok to leave all the
governments, long-extinct businesses, preschools, et al. in.
MS did a similar review for Vista/Server 2008, and removed tons of CAs. The
Vista cert store is far smaller. Not that that helps, since one of the ones
they kept was signing with MD5, as you found -- but still...
> (I think I agree with Peter Gutman when he says that X.509 was a nice try
> but 30 years of this brain damage is enough.)
X.509 is a joke, but then this whole idea of trusting many people to mediate,
with equal power, all my online relationships... Like I said, the SSH model
makes less unsense[1].
And still more, this is far better than most open source SSL-using
applications.
[1] Just yell ,,UNSINN!!!'' into your bathroom mirror 100 times. You'll feel
better, I promise.
--
http://www.noncombatant.org/
http://hemiolesque.blogspot.com/
More information about the Noisebridge-discuss
mailing list