[Ach] StartSSL for Business Sysadmins

Tobias Dussa (SCC) tobias.dussa at kit.edu
Tue Jan 14 13:13:56 CET 2014


On Tue, Jan 14, 2014 at 02:10:04PM +0300, ianG wrote:
> > CAs, on the other hand, do provide CP/CPS, so you have at least some indication
> > of what is going on.
> Has granny read the CP/CPS?

Most probably not, which is, again, my point.  It is important that people
understand what they are doing.
But at least, there ARE CP/CPS that can be read.

> > You still have to decide whether
> Exactly.  Everyone on the planet has to review the situation and decide
> for themselves.

... which is different from SSH or GPG exactly how?

> This is a fallacy.  It is to model everyone as a lawyer.

So if we decide to go down that road, you can just as easily argue that PGP
models everyone as a cryptography expert.

> Actually that's too kind.  It's a fairy tale, and it should be preserved
> for 4 year olds.

Care to explain?  I can't really follow.

> > a) a given CA is
> > trustworthy in the sense that they stick to their own CP/CPS and b) whether you
> > think that their CP/CPS are sensible, but at least there are published CP/CPS
> > (as opposed to "I know this guy and he seems to know what he is doing, so I
> > trust his signatures," which essentially says nothing about what his or her
> > signature actually implies).
> So we've got a model that is widely ignored because it starts from an
> impossible and insulting marketing claim, and we've got a model which
> says nothing.

Okay.  I still don't quite see your claims, to be honest.

> This is one of those battles where if you win, you lose.

So the best course of action is to ignore one side?  I'm baffled, frankly.

Do not meddle in the affairs of wizards for you are crunchy and taste
good with ketchup.


Karlsruhe Institute of Technology (KIT)
Steinbuch Centre for Computing (SCC)

Tobias Dussa
CERT Manager, CA Manager

Zirkel 2
Building 20.21
76131 Karlsruhe, Germany

Phone: +49 721 608-42479
Fax: +49 721 608-9-42479
Email: tobias.dussa at kit.edu
Web: http://www.kit.edu/

KIT – University of the State of Baden-Wuerttemberg and
National Laboratory of the Helmholtz Association
