[jdev] Re: TLS and self-signed certs

Neil Stevens neil at hakubi.us
Fri Nov 12 00:14:46 CST 2004

Hash: SHA1

On Thursday 11 November 2004 09:44 pm, David Waite wrote:
> On Thu, 11 Nov 2004 19:54:49 -0800, Neil Stevens <neil at hakubi.us> wrote:
> > Also, remember that different people have different threat models to
> > address.  Someone in the old hypothetical revolutionary conspiracy
> > can't afford to depend on large institutional corporations to sign
> > their certificates, but still might want to protect their
> > communications from eavesdropping.
> Err, except to have a certificate issued means that your public key
> has been verified as being from you - verisign for instance never sees
> your private key. They only see what they would get anyway by
> connecting to the socket you are running on.
> There is a lot more risk in trusting a self-signed certificate as a
> CA, since that certificate can then be used to generate certificates
> for any other domain.

Obviously the private key is kept secret when the public key is signed.  My 
point is that if one's adversary has influence over the CA, one is wise to 
avoid all contact with the CA.

I don't pay attention to CAs.  I have no reason to trust them, because as 
you say, a CA must be trusted not just to be who it says it is, but to be 
perfect in its evaluation of others' identity.  There's no agency in the 
world I could trust that well.

Because of that, I get a little concerned when people insist that the magic 
of a CA makes TLS work, or that without one TLS is worthless.

- -- 
Neil Stevens - neil at hakubi.us
"The world is a dangerous place to live; not because of the people who
are evil, but because of the people who don't do anything about it."
                                                 -- Albert Einstein(?)
Version: GnuPG v1.2.4 (FreeBSD)


More information about the JDev mailing list