This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ncc-services-wg@ripe.net/
[ncc-services-wg] Questions about the fax the RIPE NCC received from United Against Nuclear Iran (UANI).
- Previous message (by thread): [ncc-services-wg] Questions about the fax the RIPE NCC received from United Against Nuclear Iran (UANI).
- Next message (by thread): [ncc-services-wg] Questions about the fax the RIPE NCC received from United Against Nuclear Iran (UANI).
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Michael Markstaller
mm at elabnet.de
Wed Sep 19 18:21:28 CEST 2012
On 19.09.2012 17:49, Wilfried Woeber wrote: > Michael Markstaller wrote: > [...] >> Anyone who thinks it's useful to talk about (long-term!) Root-CA >> services by (RIR)/RIPE? > > Caveat: very personal and non-PC point of view! > > I consider the whole concept of tree-structured CAs an architectural failure. > With that in mind, I do not want to see the NCC drawn into that swamp. It > just increases the NCC's attack surface. > Well, let me draw a little picture of what I'd think of: Currently: - most "trusted" root-CAs in browsers are out of any control, thats bad, big failure (as we can see when they sell certificates to dictators for "monitoring"-purposes) - anyone can get a cert for gurgleme.com ;) I dont trust any of them.. And no user will ever verify fingerprints etc.. Future(?): - After many years, only really trusted, community-controlled (in terms of what they are allowed to do) are accepted anymore, at least in sensitive environments. - Certificates are only given out based on a (human!) decision based on policies, so if he/she is within the net, on the provider (LIR) speaking through etc.. Surely: this needs human resources but when looking at the prices of Verisign etc - these could be easily paid.. >> Instead of commercial instances that just print money and sell them in >> case without anything (just price) to dictators like *.google.com > > Any attempt to manage trust as a commodity and to sell it in a competitive > market, where the majority of customers and consumers (with a broad definition > of both) do not understand the technology and the risks - is doomed to fail. Isn't it somehow our job to think about how to protect the consumer from being a lemming of the industry ? ;) best regards Michael
- Previous message (by thread): [ncc-services-wg] Questions about the fax the RIPE NCC received from United Against Nuclear Iran (UANI).
- Next message (by thread): [ncc-services-wg] Questions about the fax the RIPE NCC received from United Against Nuclear Iran (UANI).
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]