[svlug] FYI for all those who don't read slashdot

Michael Eager eager at eagercon.com
Tue Nov 18 12:50:38 PST 2014

On 11/18/14 12:19, Josef Grosch wrote:
> http://it.slashdot.org/story/14/11/18/1830229/launching-2015-a-new-certificate-authority-to-encrypt-the-entire-web
> https://letsencrypt.org/

While I think that most things that the EFF does are good,
I'm not so sure about this.  There are significant flaws
in the Certificate Authority model (see recent IEEE Software
article, I believe).

If anyone can obtain a certificate using an automated method,
what is it certifying?  That someone obtained it using a cheap
automated server?  Yes.  That the certificate is for who it
claims to represent?  I'm not so sure.

Michael Eager	 eager at eagercon.com
1960 Park Blvd., Palo Alto, CA 94306  650-325-8077

More information about the svlug mailing list