[svlug] FYI for all those who don't read slashdot

Don Marti dmarti at zgp.org
Thu Nov 20 11:08:50 PST 2014


begin Rick Moen quotation of Thu, Nov 20, 2014 at 09:05:17AM -0800:
> Josef Grosch wrote:
> > https://letsencrypt.org/

> Knowing the Internet, though, I expect most interest in Let's Encrypt 
> will go no further than 'Oh, good, now my no-cost cert can now be
> "validated" by default Web browser configurations so that my users
> won't worry about security', without any concern over whether those
> such users _ought_ to be trusting CA attestation in the first place.  

Easier to split out the problem of at least getting
some basic encryption going so that it's harder for
ISPs to do creepy ads based on content inspection.

Once you have that basic win, it's easier to do
ssh-style MITM detection in the browser, or other
additional security measures.

The current CA model has significant flaws...
  https://bugzilla.mozilla.org/show_bug.cgi?id=647959

-- 
Don Marti                    
http://zgp.org/~dmarti/
dmarti at zgp.org




More information about the svlug mailing list