Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 7 Jan 2009 00:22:27 -0700
From:      Chad Perrin <perrin@apotheon.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Foiling MITM attacks on source and ports trees
Message-ID:  <20090107072227.GA84869@kokopelli.hydra>
In-Reply-To: <200901061111.52155.fbsd.questions@rachie.is-a-geek.net>
References:  <20090102164412.GA1258@phenom.cordula.ws> <20090106102124.O34151@wojtek.tensor.gdynia.pl> <20090106193126.GA82164@kokopelli.hydra> <200901061111.52155.fbsd.questions@rachie.is-a-geek.net>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

--7AUc2qLy4jB3hD7Z
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jan 06, 2009 at 11:11:52AM -0900, Mel wrote:
> On Tuesday 06 January 2009 10:31:26 Chad Perrin wrote:
> >
> > Out-of-band corroboration of a certificate's authenticity is kind of
> > necessary to the security model of SSL/TLS.  A self-signed certificate,
> > in and of itself, is not really sufficient to ensure the absence of a m=
an
> > in the middle attack or other compromise of the system.
> >
> > On the other hand, I don't trust Verisign, either.
>=20
> In the less virtual world, we only trust governments to provide identity=
=20
> papers (manufactured by companies, but still the records are kept and=20
> verified by a government entity).
> Instead of trying to regulate the internet and provide a penal system,=20
> governments would do much better taking their responsibility on these iss=
ues.=20
> It shouldn't be so hard to give every citizen the option to "get an onlin=
e=20
> certificate corresponding with their passport" and similarly for Chambers=
 of=20
> Commerce to provide certificates for businesses.

My distrust of of the certifying authority is not mitigated by replacing
Verisign with FedCorp.  Institutional incompetence is typically a result
of bureaucracy -- and even major corporations don't get as mired in
bureaucracy as government.

--=20
Chad Perrin [ content licensed OWL: http://owl.apotheon.org ]
Quoth Bill McKibben: "The laws of Congress and the laws of physics have
grown increasingly divergent, and the laws of physics are not likely to
yield."

--7AUc2qLy4jB3hD7Z
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)

iEYEARECAAYFAklkWDMACgkQ9mn/Pj01uKVqZgCgwymgSairBKRJUf8zZ/zrMiUI
DMUAn1GmmlW7+UIlxk3meXkP3exEwIK0
=pwIl
-----END PGP SIGNATURE-----

--7AUc2qLy4jB3hD7Z--



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20090107072227.GA84869>