Date: Fri, 9 Jan 2009 13:39:51 -0700 From: Chad Perrin <perrin@apotheon.com> To: freebsd-questions@freebsd.org Subject: Re: Foiling MITM attacks on source and ports trees Message-ID: <20090109203951.GB3007@kokopelli.hydra> In-Reply-To: <p06240802c589e930995c@[10.0.0.10]> References: <20090102164412.GA1258@phenom.cordula.ws> <20090103013825.18910bf5@gumby.homeunix.com> <495F5DD7.2070302@infracaninophile.co.uk> <200901052258.39785.fbsd.questions@rachie.is-a-geek.net> <20090106102124.O34151@wojtek.tensor.gdynia.pl> <20090106193126.GA82164@kokopelli.hydra> <p06240802c589e930995c@[10.0.0.10]>
next in thread | previous in thread | raw e-mail | index | archive | help
--f2QGlHpHGjS2mn6Y Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 06, 2009 at 09:08:56PM -0800, Walt Pawley wrote: > At 12:31 PM -0700 1/6/09, Chad Perrin wrote: >=20 > >On the other hand, I don't trust Verisign, either. >=20 > What's to trust? If you pay them, you "in." Exactly. That's why I -- as the guy sitting in front of the *browser* -- don't trust Verisign to do my authentication and authorization thinking for me. There's at minimum a potential for conflict of interest there, in addition to the likelihood (now realized, in the form of leveraging MD5 to crack Verisign cert authenticity) of bureaucratic incompetence producing disaster entirely by accident. --=20 Chad Perrin [ content licensed OWL: http://owl.apotheon.org ] Quoth James Madison: "If Tyranny and Oppression come to this land, it will be in the guise of fighting a foreign enemy." --f2QGlHpHGjS2mn6Y Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAklnthcACgkQ9mn/Pj01uKUzTwCePsjKB8QN3jvCpfseEGySZa9z k7AAnioO5TFbAJZyE/lmt6PYTU2ePNnH =ICdx -----END PGP SIGNATURE----- --f2QGlHpHGjS2mn6Y--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090109203951.GB3007>