The state-level attack on the SSL CA security model
On Mar 26, 2011, at 12:21 12AM, Franck Martin wrote:
>
>
> On 3/26/11 15:36 , "Joe Sniderman" <joseph.sniderman at thoroquel.org> wrote:
>
>> On 03/25/2011 11:12 PM, Steven Bellovin wrote:
>>>
>>> On Mar 25, 2011, at 12:19 52PM, Akyol, Bora A wrote:
>>>
>>>> One could argue that you could try something like the Facebook
>>>> model (or Facebook itself). I can see it coming. Facebook web of
>>>> trust app ;-)
>>>>
>>> Except, of course, for the fact that people tend to have hundreds of
>>> "friends", many of whom they don't know at all, and who achieved that
>>> status simply by asking. You need a much stronger notion of
>>> interaction, to say nothing of what the malware in your "friends'"
>>> computers is doing to simulate such interaction.
>>
>> Then again there are all the "friend us for a chance to win $prize"
>> gimmicks... not a far jump to "friend us, _with trust bits enabled_ for
>> a chance to win $prize"
>>
>> Yeah sounds like a wonderful idea. :P
>
> Wasn't PGP based on a web of trust too?
>
Yes -- see Valdis' posting on that: http://mailman.nanog.org/pipermail/nanog/2011-March/034651.html
--Steve Bellovin, http://www.cs.columbia.edu/~smb