[Ach] StartSSL for Business Sysadmins
Tobias Dussa (SCC)
tobias.dussa at kit.edu
Tue Jan 14 13:13:56 CET 2014
On Tue, Jan 14, 2014 at 02:10:04PM +0300, ianG wrote:
> > CAs, on the other hand, do provide CP/CPS, so you have at least some indication
> > of what is going on.
> Has granny read the CP/CPS?

Most probably not, which is, again, my point. It is important that people
understand what they are doing.
But at least, there ARE CP/CPS that can be read.

> > You still have to decide whether
> Exactly. Everyone on the planet has to review the situation and decide
> for themselves.

... which is different from SSH or GPG exactly how?

> This is a fallacy. It is to model everyone as a lawyer.

So if we decide to go down that road, you can just as easily argue that PGP
models everyone as a cryptography expert.

> Actually that's too kind. It's a fairy tale, and it should be preserved
> for 4 year olds.

Care to explain? I can't really follow.

> > a) a given CA is
> > trustworthy in the sense that they stick to their own CP/CPS and b) whether you
> > think that their CP/CPS are sensible, but at least there are published CP/CPS
> > (as opposed to "I know this guy and he seems to know what he is doing, so I
> > trust his signatures," which essentially says nothing about what his or her
> > signature actually implies).
> So we've got a model that is widely ignored because it starts from an
> impossible and insulting marketing claim, and we've got a model which
> says nothing.

Okay. I still don't quite see your claims, to be honest.

> This is one of those battles where if you win, you lose.

So the best course of action is to ignore one side? I'm baffled, frankly.

Do not meddle in the affairs of wizards for you are crunchy and taste
good with ketchup.
Karlsruhe Institute of Technology (KIT)
Steinbuch Centre for Computing (SCC)
CERT Manager, CA Manager
76131 Karlsruhe, Germany
Phone: +49 721 608-42479
Fax: +49 721 608-9-42479
Email: tobias.dussa at kit.edu
KIT – University of the State of Baden-Wuerttemberg and
National Laboratory of the Helmholtz Association