[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

The state-level attack on the SSL CA security model

Subject: The state-level attack on the SSL CA security model
From: bora at pnl.gov (Akyol, Bora A)
Date: Fri, 25 Mar 2011 09:19:52 -0700
In-reply-to: <21155.1301069099@localhost>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <21155.1301069099@localhost>

One could argue that you could try something like the facebook model (or facebook itself). I can see it coming.
Facebook web of trust app ;-)

-----Original Message-----
From: Valdis.Kletnieks at vt.edu [mailto:Valdis.Kletnieks at vt.edu] 
Sent: Friday, March 25, 2011 9:05 AM
To: Akyol, Bora A
Cc: Dobbins, Roland; nanog group
Subject: Re: The state-level attack on the SSL CA security model

On Fri, 25 Mar 2011 08:36:12 PDT, "Akyol, Bora A" said:
> Is it far fetched to supplement the existing system with a reputation 
> based  model such as PGP? I apologize if this was discussed before.

That would be great, if you could ensure the following:

1) That Joe Sixpack actually knows enough somebodies who are trustable to sign stuff. (If Joe doesn't know them, then it's not a web of trust, it's just the same old CA).

2) That Joe Sixpack doesn't blindly sign stuff himself (I've had to on occasion scrape unknown signatures off my PGP key on the keyservers, when people I've never heard of before have signed my key "just because somebody they recognized signed it").

The PGP model doesn't work for users who are used to clicking everything they see, whether or not they really should...

Follow-Ups:
- The state-level attack on the SSL CA security model
  - From: dorn at hetzel.org (Dorn Hetzel)
- The state-level attack on the SSL CA security model
  - From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
- The state-level attack on the SSL CA security model
  - From: millnert at gmail.com (Martin Millnert)
- The state-level attack on the SSL CA security model
  - From: smb at cs.columbia.edu (Steven Bellovin)

References:
- The state-level attack on the SSL CA security model
  - From: millnert at gmail.com (Martin Millnert)
- The state-level attack on the SSL CA security model
  - From: rdobbins at arbor.net (Dobbins, Roland)
- The state-level attack on the SSL CA security model
  - From: joakim at aronius.se (Joakim Aronius)
- The state-level attack on the SSL CA security model
  - From: rdobbins at arbor.net (Dobbins, Roland)
- The state-level attack on the SSL CA security model
  - From: bora at pnl.gov (Akyol, Bora A)
- The state-level attack on the SSL CA security model
  - From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)

Prev by Date: The state-level attack on the SSL CA security model
Next by Date: The state-level attack on the SSL CA security model
Previous by thread: The state-level attack on the SSL CA security model
Next by thread: The state-level attack on the SSL CA security model
Index(es):
- Date
- Thread