Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 6 Jan 2009 11:11:52 -0900
From:      Mel <fbsd.questions@rachie.is-a-geek.net>
To:        freebsd-questions@freebsd.org
Cc:        Chad Perrin <perrin@apotheon.com>
Subject:   Re: Foiling MITM attacks on source and ports trees
Message-ID:  <200901061111.52155.fbsd.questions@rachie.is-a-geek.net>
In-Reply-To: <20090106193126.GA82164@kokopelli.hydra>
References:  <20090102164412.GA1258@phenom.cordula.ws> <20090106102124.O34151@wojtek.tensor.gdynia.pl> <20090106193126.GA82164@kokopelli.hydra>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 06 January 2009 10:31:26 Chad Perrin wrote:
> On Tue, Jan 06, 2009 at 10:22:29AM +0100, Wojciech Puchar wrote:
> > >>someone like the FreeBSD Foundation as an appropriate body to own the
> > >>cert.
> > >
> > ><OT>
> > >I would actually trust a self-signed cert by the FreeBSD security
> > > officer, more then one by Verisign.
> >
> > of course.
> >
> > there is no need to have an "authority" to make key pairs, everybody do
> > it alone.
> >
> > actually i would fear using such keys because i'm sure such companies do
> > have a copy of both keys.
>
> Out-of-band corroboration of a certificate's authenticity is kind of
> necessary to the security model of SSL/TLS.  A self-signed certificate,
> in and of itself, is not really sufficient to ensure the absence of a man
> in the middle attack or other compromise of the system.
>
> On the other hand, I don't trust Verisign, either.

In the less virtual world, we only trust governments to provide identity 
papers (manufactured by companies, but still the records are kept and 
verified by a government entity).
Instead of trying to regulate the internet and provide a penal system, 
governments would do much better taking their responsibility on these issues. 
It shouldn't be so hard to give every citizen the option to "get an online 
certificate corresponding with their passport" and similarly for Chambers of 
Commerce to provide certificates for businesses.
-- 
Mel

Problem with today's modular software: they start with the modules
    and never get to the software part.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200901061111.52155.fbsd.questions>