[Ach] StartSSL for Business Sysadmins

Tobias Dussa (SCC) tobias.dussa at kit.edu
Tue Jan 14 13:13:56 CET 2014


Hi,

On Tue, Jan 14, 2014 at 02:10:04PM +0300, ianG wrote:
> > CAs, on the other hand, do provide CP/CPS, so you have at least some indication
> > of what is going on.
> Has granny read the CP/CPS?

Most probably not, which is, again, my point.  It is important that people
understand what they are doing.
But at least, there ARE CP/CPS that can be read.

> > You still have to decide whether
> Exactly.  Everyone on the planet has to review the situation and decide
> for themselves.

... which is different from SSH or GPG exactly how?

> This is a fallacy.  It is to model everyone as a lawyer.

So if we decide to go down that road, you can just as easily argue that PGP
models everyone as a cryptography expert.

> Actually that's too kind.  It's a fairy tale, and it should be preserved
> for 4 year olds.

Care to explain?  I can't really follow.

> > a) a given CA is
> > trustworthy in the sense that they stick to their own CP/CPS and b) whether you
> > think that their CP/CPS are sensible, but at least there are published CP/CPS
> > (as opposed to "I know this guy and he seems to know what he is doing, so I
> > trust his signatures," which essentially says nothing about what his or her
> > signature actually implies).
> So we've got a model that is widely ignored because it starts from an
> impossible and insulting marketing claim, and we've got a model which
> says nothing.

Okay.  I still don't quite see your claims, to be honest.

> This is one of those battles where if you win, you lose.

So the best course of action is to ignore one side?  I'm baffled, frankly.

Cheers,
Toby.
-- 
Do not meddle in the affairs of wizards for you are crunchy and taste
good with ketchup.

----

Karlsruhe Institute of Technology (KIT)
Steinbuch Centre for Computing (SCC)
KIT-CERT

Tobias Dussa
CERT Manager, CA Manager

Zirkel 2
Building 20.21
76131 Karlsruhe, Germany

Phone: +49 721 608-42479
Fax: +49 721 608-9-42479
Email: tobias.dussa at kit.edu
Web: http://www.kit.edu/

KIT – University of the State of Baden-Wuerttemberg and
National Laboratory of the Helmholtz Association


