Nelson B Bolyard wrote:
On 2010/02/22 02:11 PST, makrober wrote:
CHHIC controversy has exposed the fallacy of current SSL implementation
premise,
Rather, it has exposed an unrelenting amount of accusation without
evidence. Show us a single falsified certificate. Anything less is
unworthy of this forum.
Personally, I have no view of that particular CA; I am interested in
the somewhat abstract concept of trust, and what has to be done to
model it properly in a computer system.
It appears to me that what we have here is a clash between the concepts
of trust held by two sides: in the world of crypto product architects,
trust is created by a promise, and it takes a proven malfeasance for
it to expire. In real world, a promise is not enough to create trust.
There, it is earned by actions and can be lost by mere suspicion.
MakRober
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
