Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 7 Jan 2009 00:22:27 -0700
From:      Chad Perrin <>
Subject:   Re: Foiling MITM attacks on source and ports trees
Message-ID:  <20090107072227.GA84869@kokopelli.hydra>
In-Reply-To: <>
References:  <> <> <20090106193126.GA82164@kokopelli.hydra> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jan 06, 2009 at 11:11:52AM -0900, Mel wrote:
> On Tuesday 06 January 2009 10:31:26 Chad Perrin wrote:
> >
> > Out-of-band corroboration of a certificate's authenticity is kind of
> > necessary to the security model of SSL/TLS.  A self-signed certificate,
> > in and of itself, is not really sufficient to ensure the absence of a m=
> > in the middle attack or other compromise of the system.
> >
> > On the other hand, I don't trust Verisign, either.
> In the less virtual world, we only trust governments to provide identity=
> papers (manufactured by companies, but still the records are kept and=20
> verified by a government entity).
> Instead of trying to regulate the internet and provide a penal system,=20
> governments would do much better taking their responsibility on these iss=
> It shouldn't be so hard to give every citizen the option to "get an onlin=
> certificate corresponding with their passport" and similarly for Chambers=
> Commerce to provide certificates for businesses.

My distrust of of the certifying authority is not mitigated by replacing
Verisign with FedCorp.  Institutional incompetence is typically a result
of bureaucracy -- and even major corporations don't get as mired in
bureaucracy as government.

Chad Perrin [ content licensed OWL: ]
Quoth Bill McKibben: "The laws of Congress and the laws of physics have
grown increasingly divergent, and the laws of physics are not likely to

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v2.0.9 (FreeBSD)



Want to link to this message? Use this URL: <>