If browsers are defeating the purpose of the chain of trust, by forcing trust in this example, why design them to freak out when a site self signs?

On Apr 28, 2014 6:32 PM, "Jeffrey Walton" <[email protected]> wrote:
> On Mon, Apr 28, 2014 at 8:20 PM, Ryan Carboni <[email protected]> wrote:
> > One can always start with the difficult first step of uninstalling
> > certificate authorities you do not trust.
>
> "Opera will autorepair damage to the certificate repository, a missing
> Certificate Authority is considered damage. Opera ships with a list of
> frequently used certificates, and if any of these are missing they
> will be added the next time the repository is read from disk. Other
> certificates will be added from the online repository as needed." -
> http://my.opera.com/community/forums/topic.dml?id=1580452
>
> It's not just Opera. Others are using similar innovative methods to
> reduce the support load and costs.
>
> Jeff
>
> > On Mon, Apr 28, 2014 at 4:42 PM, ianG <[email protected]> wrote:
> >>
> >> On 29/04/2014 00:12 am, Ryan Carboni wrote:
> >> > trust is outsourced all the time in the non-cryptographic world
> >>
> >> trust is built up all the time, risks are taken all the time, choice is
> >> taken all the time.
> >>
> >> > unless you do not have a bank account
> >>
> >> That's not outsourced, that's direct, person to bank, the person has a
> >> choice, chooses to place her trust in that bank. Also, it is limited to
> >> defined things that are required, can't be done by the person, and
> >> bolstered by real backing such as FIDC.
> >>
> >> When you suggest "it's probably best we trust authorities" that is
> >> CA-playbook crapola meaning "you must trust the authorities that have
> >> been picked for you." The vector has been reversed, people are told
> >> what has to happen, so there is no trust.
> >>
> >> Trust derives from choice. Where is the choice?
> >>
> >> > On Mon, Apr 28, 2014 at 3:00 PM, James A. Donald <[email protected]
> >> > <mailto:[email protected]>> wrote:
> >> >
> >> >     On 2014-04-29 05:58, Ryan Carboni wrote:
> >> >
> >> >         We happen to live on a planet where most users are ordinary
> >> >         users.
> >> >
> >> >     given the extent of phishing, it's probably best we outsource
> >> >     trust to centralized authorities.
> >> >     Although it should be easier establishing your own certificate
> >> >     authority.
> >> >
> >> >     Cannot outsource trust Ann usually knows more about Bob than a
> >> >     distant authority does. A certificate authority does not certify
> >> >     that Bob is trustworthy, but that his name is Bob.
> >> >
> >> >     In practice, however we find that diverse entities have very
> >> >     similar names, and a single entity may have many names.
> _______________________________________________
> cryptography mailing list
> [email protected]
> http://lists.randombit.net/mailman/listinfo/cryptography
