[svlug] FYI for all those who don't read slashdot

Michael Eager eager at eagercon.com
Tue Nov 18 12:50:38 PST 2014


On 11/18/14 12:19, Josef Grosch wrote:
> http://it.slashdot.org/story/14/11/18/1830229/launching-2015-a-new-certificate-authority-to-encrypt-the-entire-web
>
> https://letsencrypt.org/

While I think that most things that the EFF does are good,
I'm not so sure about this.  There are significant flaws
in the Certificate Authority model (see recent IEEE Software
article, I believe).

If anyone can obtain a certificate using an automated method,
what is it certifying?  That someone obtained it using a cheap
automated server?  Yes.  That the certificate is for who it
claims to represent?  I'm not so sure.


-- 
Michael Eager	 eager at eagercon.com
1960 Park Blvd., Palo Alto, CA 94306  650-325-8077




More information about the svlug mailing list