From owner-freebsd-questions@FreeBSD.ORG Wed Jan 7 07:23:27 2009
From: Chad Perrin
To: freebsd-questions@freebsd.org
Date: Wed, 7 Jan 2009 00:22:27 -0700
Subject: Re: Foiling MITM attacks on source and ports trees
Message-ID: <20090107072227.GA84869@kokopelli.hydra>
In-Reply-To: <200901061111.52155.fbsd.questions@rachie.is-a-geek.net>
References: <20090102164412.GA1258@phenom.cordula.ws> <20090106102124.O34151@wojtek.tensor.gdynia.pl> <20090106193126.GA82164@kokopelli.hydra> <200901061111.52155.fbsd.questions@rachie.is-a-geek.net>
Mail-Followup-To: freebsd-questions@freebsd.org
User-Agent: Mutt/1.4.2.3i
List-Id: User questions

On Tue, Jan 06, 2009 at 11:11:52AM -0900, Mel wrote:
> On Tuesday 06 January 2009 10:31:26 Chad Perrin wrote:
> >
> > Out-of-band corroboration of a certificate's authenticity is kind of
> > necessary to the security model of SSL/TLS. A self-signed certificate,
> > in and of itself, is not really sufficient to ensure the absence of a man
> > in the middle attack or other compromise of the system.
> >
> > On the other hand, I don't trust Verisign, either.
>
> In the less virtual world, we only trust governments to provide identity
> papers (manufactured by companies, but still the records are kept and
> verified by a government entity).
> Instead of trying to regulate the internet and provide a penal system,
> governments would do much better taking their responsibility on these issues.
> It shouldn't be so hard to give every citizen the option to "get an online
> certificate corresponding with their passport" and similarly for Chambers of
> Commerce to provide certificates for businesses.

My distrust of the certifying authority is not mitigated by replacing
Verisign with FedCorp. Institutional incompetence is typically a result
of bureaucracy -- and even major corporations don't get as mired in
bureaucracy as government.
-- 
Chad Perrin [ content licensed OWL: http://owl.apotheon.org ]
Quoth Bill McKibben: "The laws of Congress and the laws of physics have
grown increasingly divergent, and the laws of physics are not likely to
yield."
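The out-of-band corroboration that the quoted paragraph calls necessary, as an added example that is not code from this thread, from FreeBSD, or from either poster: a Python client that learns a self-signed server certificate's SHA-256 fingerprint through a separate channel and refuses to proceed unless the certificate the server actually presents matches one of the pinned values. The pin replaces trust in any certifying authority, which is the trade-off the thread is arguing about. `SAMPLE_DER` is a constructed stand-in for certificate bytes, the hostname in the commented-out call is a placeholder, and the function names (`check_pins`, `verify_remote_pin`, `PinMismatch`) are this example's own, not an established API.

```python
"""Pin a TLS peer certificate to a fingerprint obtained out of band.

Added example, not code from the thread. A self-signed certificate proves
nothing by itself, so the client compares the SHA-256 fingerprint of the
certificate the server presented with one it learned over a separate
channel (a signed mail, a printed handout, a phone call). The pin, not a
CA chain, is what the client trusts.
"""
import hashlib
import hmac
import socket
import ssl


class PinMismatch(Exception):
    """Raised when the presented certificate matches none of the pins."""


def der_fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase bare hex."""
    return hashlib.sha256(der).hexdigest()


def normalize_fingerprint(fp: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or bare hex; return lowercase bare hex."""
    return "".join(ch for ch in fp if ch not in ": ").lower()


def colon_format(hexstr: str) -> str:
    """Render a fingerprint the way `openssl x509 -fingerprint` prints it."""
    h = normalize_fingerprint(hexstr).upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def fingerprint_matches(der: bytes, pinned: str) -> bool:
    """Constant-time comparison of the presented certificate against one pin."""
    return hmac.compare_digest(der_fingerprint(der), normalize_fingerprint(pinned))


def check_pins(der: bytes, pins) -> str:
    """Return the matching pin (normalized) or raise PinMismatch.

    Several pins are accepted so that a key rollover can be announced out
    of band before the old certificate is retired.
    """
    for pin in pins:
        if fingerprint_matches(der, pin):
            return normalize_fingerprint(pin)
    raise PinMismatch(
        "presented certificate %s matches none of %d pin(s)"
        % (colon_format(der_fingerprint(der)), len(pins))
    )


def verify_remote_pin(host: str, port: int, pins, timeout: float = 10.0) -> str:
    """Open a TLS connection, pin-check the leaf certificate, close, report.

    Chain validation is switched off on purpose: the server may be
    self-signed and the pin is the only thing trusted. check_hostname has
    to be cleared before verify_mode can be set to CERT_NONE.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            # binary_form=True returns the DER bytes even under CERT_NONE.
            der = tls.getpeercert(binary_form=True)
    # Only after the pin matches may the caller go on to use the service.
    return check_pins(der, pins)


# Constructed stand-in for DER bytes; a real certificate would come from
# `openssl s_client` or from tls.getpeercert(binary_form=True).
SAMPLE_DER = b"constructed stand-in for a DER certificate, not a real one"
SAMPLE_PIN = colon_format(der_fingerprint(SAMPLE_DER))


if __name__ == "__main__":
    print("pinned :", SAMPLE_PIN)
    print("match  :", check_pins(SAMPLE_DER, [SAMPLE_PIN]))
    try:
        check_pins(SAMPLE_DER + b"tampered", [SAMPLE_PIN])
    except PinMismatch as exc:
        print("reject :", exc)
    # Real use (needs network; hostname and pin are placeholders):
    # verify_remote_pin("mirror.example.invalid", 443, [SAMPLE_PIN])
```

The weak point moves from the CA to the channel that carries the pin: a fingerprint copied from the same connection it is meant to verify proves nothing, and a pin that is never rotated turns every legitimate key change into an outage. The colon-separated uppercase form is what `openssl x509 -noout -fingerprint -sha256` prints, so a pin read over the phone or from a signed mail can be pasted in as-is.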