[svlug] FYI for all those who don't read slashdot
marc_news at merlins.org
Tue Nov 18 15:28:14 PST 2014
On Tue, Nov 18, 2014 at 12:50:38PM -0800, Michael Eager wrote:
> On 11/18/14 12:19, Josef Grosch wrote:
> > http://it.slashdot.org/story/14/11/18/1830229/launching-2015-a-new-certificate-authority-to-encrypt-the-entire-web
> > https://letsencrypt.org/
> While I think that most things that the EFF does are good,
> I'm not so sure about this. There are significant flaws
> in the Certificate Authority model (see recent IEEE Software
> article, I believe).
> If anyone can obtain a certificate using an automated method,
> what is it certifying? That someone obtained it using a cheap
> automated server? Yes. That the certificate is for who it
> claims to represent? I'm not so sure.
Your point is valid, but even a self signed certificate adds some
security by simply making the traffic not possible to snoop by others.
An attacker now has to launch a man in the middle against you which is
of course possible, but considerably more effort than just listening
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | PGP 1024R/763BE901
More information about the svlug