[jdev] Re: TLS and self-signed certs
neil at hakubi.us
Fri Nov 12 00:14:46 CST 2004
-----BEGIN PGP SIGNED MESSAGE-----
On Thursday 11 November 2004 09:44 pm, David Waite wrote:
> On Thu, 11 Nov 2004 19:54:49 -0800, Neil Stevens <neil at hakubi.us> wrote:
> > Also, remember that different people have different threat models to
> > address. Someone in the old hypothetical revolutionary conspiracy
> > can't afford to depend on large institutional corporations to sign
> > their certificates, but still might want to protect their
> > communications from eavesdropping.
> Err, except to have a certificate issued means that your public key
> has been verified as being from you - verisign for instance never sees
> your private key. They only see what they would get anyway by
> connecting to the socket you are running on.
> There is a lot more risk in trusting a self-signed certificate as a
> CA, since that certificate can then be used to generate certificates
> for any other domain.
Obviously the private key is kept secret when the public key is signed. My
point is that if one's adversary has influence over the CA, one is wise to
avoid all contact with the CA.
I don't pay attention to CAs. I have no reason to trust them, because as
you say, a CA must be trusted not just to be who it says it is, but to be
perfect in its evaluation of others' identity. There's no agency in the
world I could trust that well.
Because of that, I get a little concerned when people insist that the magic
of a CA makes TLS work, or that without one TLS is worthless.
Neil Stevens - neil at hakubi.us
"The world is a dangerous place to live; not because of the people who
are evil, but because of the people who don't do anything about it."
-- Albert Einstein(?)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
-----END PGP SIGNATURE-----
More information about the JDev