[Ach] StartSSL for Business Sysadmins
Tobias Dussa (SCC)
tobias.dussa at kit.edu
Tue Jan 14 13:13:56 CET 2014
Hi,

On Tue, Jan 14, 2014 at 02:10:04PM +0300, ianG wrote:
> > CAs, on the other hand, do provide CP/CPS, so you have at least some indication
> > of what is going on.
> Has granny read the CP/CPS?

Most probably not, which is, again, my point. It is important that people
understand what they are doing.

But at least, there ARE CP/CPS that can be read.

> > You still have to decide whether
> Exactly. Everyone on the planet has to review the situation and decide
> for themselves.

... which is different from SSH or GPG exactly how?

> This is a fallacy. It is to model everyone as a lawyer.

So if we decide to go down that road, you can just as easily argue that PGP
models everyone as a cryptography expert.

> Actually that's too kind. It's a fairy tale, and it should be preserved
> for 4 year olds.

Care to explain? I can't really follow.

> > a) a given CA is
> > trustworthy in the sense that they stick to their own CP/CPS and b) whether you
> > think that their CP/CPS are sensible, but at least there are published CP/CPS
> > (as opposed to "I know this guy and he seems to know what he is doing, so I
> > trust his signatures," which essentially says nothing about what his or her
> > signature actually implies).
> So we've got a model that is widely ignored because it starts from an
> impossible and insulting marketing claim, and we've got a model which
> says nothing.

Okay. I still don't quite see your claims, to be honest.

> This is one of those battles where if you win, you lose.

So the best course of action is to ignore one side? I'm baffled, frankly.

Cheers,
Toby.
--
Do not meddle in the affairs of wizards for you are crunchy and taste
good with ketchup.
----
Karlsruhe Institute of Technology (KIT)
Steinbuch Centre for Computing (SCC)
KIT-CERT
Tobias Dussa
CERT Manager, CA Manager
Zirkel 2
Building 20.21
76131 Karlsruhe, Germany
Phone: +49 721 608-42479
Fax: +49 721 608-9-42479
Email: tobias.dussa at kit.edu
Web: http://www.kit.edu/
KIT – University of the State of Baden-Wuerttemberg and
National Laboratory of the Helmholtz Association