[Discuss] the problem with centralized certificate authorities

Tom Metro tmetro+blu at gmail.com
Mon Apr 21 17:29:48 EDT 2014


Bill Ricker wrote:
> (sadly the current CA PKI is little better, you'd be shocked whose CA your
> browser will trust to sign *.google.com .)

An essay proposing replacing CAs with a "web of trust" model like GPG uses:
http://lorddoig.svbtle.com/heartbleed-should-bleed-x509-to-death

(The author is now proposing "a working group to kill X.509.")

(Not a novel idea. An example older article:
http://blog.cryptographyengineering.com/2012/02/how-to-fix-internet.html )


And related, the problem with certificate revocation checking (OCSP):
https://www.imperialviolet.org/2014/04/19/revchecking.html

 -Tom

-- 
Tom Metro
The Perl Shop, Newton, MA, USA
"Predictable On-demand Perl Consulting."
http://www.theperlshop.com/
