
Re: [tlug] System security and public policy [was: Anyone seen this gizmo yet?]



Curt Sampson wrote:
> Edward Middleton wrote:
>   
>> Coupled this with the inability of users to determine whether
>> something came from a trusted source.... Until recently the only check
>> required to issue an SSL certificate was to check the domain name was
>> registered by the applicant, because bad people can't own domain names ;)
>>     
>
> That's a misinterpretation (and extremely typical one) on your part
> of what it means to be issued an SSL certificate..
>   
What it means depends on the level the CA went to in verifying the
identity of the holders of the domain[1].

> The current system does *authentication*: all that a valid HTTPS
> authentication exchange says is that you really are connected to a
> server associated with the holders of that domain name, if those holders
> have been reasonably careful.
>   
With only a domain name check it doesn't tell you who the holders of the
domain are.  Without that information it is pretty difficult to assess
the trustworthiness of the site.

Edward

1. http://en.wikipedia.org/wiki/Extended_Validation_Certificate
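An added illustration of the point above, not part of the original thread: the only place a certificate can tell you who holds a domain is its subject field, and a domain-validated certificate asserts nothing there but the host name. The helper below takes a certificate in the nested-tuple layout that Python's `ssl.SSLSocket.getpeercert()` returns and reports what the subject actually claims about the holder; the two sample certificates are constructed for the example, and the EV attribute names are the OpenSSL long names the example assumes `getpeercert()` uses.

```python
from typing import Any, Optional

# Layout of ssl.SSLSocket.getpeercert(): a dict whose 'subject' is a tuple of
# RDNs, each RDN a tuple of (attribute name, value) pairs.
PeerCert = dict[str, Any]

# Subject attributes that only an EV issuance policy requires the CA to fill
# in (CA/Browser Forum EV Guidelines); a DV certificate never carries them.
EV_ONLY_ATTRS = {"businessCategory", "jurisdictionCountryName", "serialNumber"}

def flatten_subject(cert: PeerCert) -> dict[str, str]:
    """Collapse the nested subject tuples into a flat attribute -> value map."""
    flat: dict[str, str] = {}
    for rdn in cert.get("subject", ()):
        for attr, value in rdn:
            flat[attr] = value
    return flat

def validation_level(cert: PeerCert) -> str:
    """Say what the subject asserts about the holder of the certificate.

    'domain'      : only the host name is asserted (DV); nothing about who holds it
    'organization': an organization name is asserted as well (OV)
    'extended'    : organization plus the EV-only attributes (EV)
    """
    subject = flatten_subject(cert)
    if "organizationName" in subject and EV_ONLY_ATTRS.issubset(subject):
        return "extended"
    if "organizationName" in subject:
        return "organization"
    return "domain"

def holder_name(cert: PeerCert) -> Optional[str]:
    """The organization the CA vouched for, or None when the CA vouched for none."""
    return flatten_subject(cert).get("organizationName")

# Constructed sample certificates in getpeercert() layout (not real ones).
DV_CERT: PeerCert = {
    "subject": ((("commonName", "shop.example.net"),),),
    "subjectAltName": (("DNS", "shop.example.net"),),
}
EV_CERT: PeerCert = {
    "subject": (
        (("jurisdictionCountryName", "JP"),),
        (("businessCategory", "Private Organization"),),
        (("serialNumber", "0100-01-012345"),),
        (("countryName", "JP"),),
        (("organizationName", "Example Shop K.K."),),
        (("commonName", "shop.example.net"),),
    ),
}
```

Against a live connection the same functions can be fed the dict from `ssl.create_default_context().wrap_socket(...).getpeercert()` after the handshake has already validated the chain; they only describe what the subject claims, they do not validate anything.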