Re: [tlug] System security and public policy [was: Anyone seen this gizmo yet?]
- Date: Tue, 8 Sep 2009 18:04:41 +0900
- From: Curt Sampson <cjs@example.com>
- Subject: Re: [tlug] System security and public policy [was: Anyone seen this gizmo yet?]
- User-agent: Mutt/1.5.18 (2008-05-17)
On 2009-09-08 12:49 +0900 (Tue), Edward Middleton wrote:

> Coupled this with the inability of users to determine whether
> something came from a trusted source.... Until recently the only check
> required to issue an SSL certificate was to check the domain name was
> registered by the applicant, because bad people can't own domain names ;)

That's a misinterpretation (and an extremely typical one) on your part of what it means to be issued an SSL certificate. We've known from the beginning that bad people own domain names, and that good people sometimes do bad things with their domain names. SSL certs within the certification infrastructure do not, never have, and were never intended to address that problem. (And for good reason: what's a "bad" person? That varies depending on who *you* are.)

The current system does *authentication*: all that a valid HTTPS authentication exchange says is that you really are connected to a server associated with the holders of that domain name, if those holders have been reasonably careful. The *authorization* part, that is, what information you're going to give them and what you'll allow them to do, is up to you. And that's the correct security tradeoff for this situation.

cjs
--
Curt Sampson <cjs@example.com> +81 90 7737 2974
Functional programming in all senses of the word:
http://www.starling-software.com