On 19.09.2012 17:49, Wilfried Woeber wrote:
Michael Markstaller wrote: [...]
Anyone who thinks it's useful to talk about (long-term!) Root-CA services by (RIR)/RIPE?
Caveat: very personal and non-PC point of view!
I consider the whole concept of tree-structured CAs an architectural failure. With that in mind, I do not want to see the NCC drawn into that swamp. It just increases the NCC's attack surface.
Well, let me draw a little picture of what I'd think of: Currently: - most "trusted" root-CAs in browsers are out of any control, thats bad, big failure (as we can see when they sell certificates to dictators for "monitoring"-purposes) - anyone can get a cert for gurgleme.com ;) I dont trust any of them.. And no user will ever verify fingerprints etc.. Future(?): - After many years, only really trusted, community-controlled (in terms of what they are allowed to do) are accepted anymore, at least in sensitive environments. - Certificates are only given out based on a (human!) decision based on policies, so if he/she is within the net, on the provider (LIR) speaking through etc.. Surely: this needs human resources but when looking at the prices of Verisign etc - these could be easily paid..
Instead of commercial instances that just print money and sell them in case without anything (just price) to dictators like *.google.com
Any attempt to manage trust as a commodity and to sell it in a competitive market, where the majority of customers and consumers (with a broad definition of both) do not understand the technology and the risks - is doomed to fail.
Isn't it somehow our job to think about how to protect the consumer from being a lemming of the industry ? ;) best regards Michael