Date: Wed, 7 Jan 2009 00:22:27 -0700
From: Chad Perrin <perrin@apotheon.com>
To: freebsd-questions@freebsd.org
Subject: Re: Foiling MITM attacks on source and ports trees
Message-ID: <20090107072227.GA84869@kokopelli.hydra>
In-Reply-To: <200901061111.52155.fbsd.questions@rachie.is-a-geek.net>
References: <20090102164412.GA1258@phenom.cordula.ws> <20090106102124.O34151@wojtek.tensor.gdynia.pl> <20090106193126.GA82164@kokopelli.hydra> <200901061111.52155.fbsd.questions@rachie.is-a-geek.net>

On Tue, Jan 06, 2009 at 11:11:52AM -0900, Mel wrote:
> On Tuesday 06 January 2009 10:31:26 Chad Perrin wrote:
> >
> > Out-of-band corroboration of a certificate's authenticity is kind of
> > necessary to the security model of SSL/TLS. A self-signed certificate,
> > in and of itself, is not really sufficient to ensure the absence of a man
> > in the middle attack or other compromise of the system.
> >
> > On the other hand, I don't trust Verisign, either.
>
> In the less virtual world, we only trust governments to provide identity
> papers (manufactured by companies, but still the records are kept and
> verified by a government entity).
> Instead of trying to regulate the internet and provide a penal system,
> governments would do much better taking their responsibility on these issues.
> It shouldn't be so hard to give every citizen the option to "get an online
> certificate corresponding with their passport" and similarly for Chambers of
> Commerce to provide certificates for businesses.

My distrust of the certifying authority is not mitigated by replacing
Verisign with FedCorp. Institutional incompetence is typically a result
of bureaucracy -- and even major corporations don't get as mired in
bureaucracy as government.

--
Chad Perrin [ content licensed OWL: http://owl.apotheon.org ]
Quoth Bill McKibben: "The laws of Congress and the laws of physics have
grown increasingly divergent, and the laws of physics are not likely to
yield."