Date: Tue, 6 Jan 2009 11:11:52 -0900
From: Mel <fbsd.questions@rachie.is-a-geek.net>
To: freebsd-questions@freebsd.org
Cc: Chad Perrin <perrin@apotheon.com>
Subject: Re: Foiling MITM attacks on source and ports trees
Message-ID: <200901061111.52155.fbsd.questions@rachie.is-a-geek.net>
In-Reply-To: <20090106193126.GA82164@kokopelli.hydra>
References: <20090102164412.GA1258@phenom.cordula.ws> <20090106102124.O34151@wojtek.tensor.gdynia.pl> <20090106193126.GA82164@kokopelli.hydra>

On Tuesday 06 January 2009 10:31:26 Chad Perrin wrote:
> On Tue, Jan 06, 2009 at 10:22:29AM +0100, Wojciech Puchar wrote:
> > >>someone like the FreeBSD Foundation as an appropriate body to own the
> > >>cert.
> > >
> > ><OT>
> > >I would actually trust a self-signed cert by the FreeBSD security
> > > officer, more than one by Verisign.
> >
> > of course.
> >
> > there is no need to have an "authority" to make key pairs, everybody does
> > it alone.
> >
> > actually i would fear using such keys because i'm sure such companies do
> > have a copy of both keys.
>
> Out-of-band corroboration of a certificate's authenticity is kind of
> necessary to the security model of SSL/TLS.  A self-signed certificate,
> in and of itself, is not really sufficient to ensure the absence of a man
> in the middle attack or other compromise of the system.
>
> On the other hand, I don't trust Verisign, either.

In the less virtual world, we only trust governments to provide identity
papers (manufactured by companies, but still the records are kept and
verified by a government entity). Instead of trying to regulate the internet
and provide a penal system, governments would do much better taking their
responsibility on these issues. It shouldn't be so hard to give every
citizen the option to "get an online certificate corresponding with their
passport" and similarly for Chambers of Commerce to provide certificates for
businesses.

-- 
Mel

Problem with today's modular software: they start with the modules
    and never get to the software part.