Thomas Shadduck writes:
The problem that makes me feel uneasy about SSL is the vulnerability of the certification authorities when they get compromised, everything they signed gets compromised too.
Technically this is true, but the only thing that the CA signs is other keys. So it merely means that the CA can create certificates on behalf of anyone the compromisers choose. It doesn't "compromise" any existing key or previously issued certificate or even any newly created key. In any case, you don't need a CA to use SSL. (Or more accurately, you don't need anyone else's CA to use SSL; just create your own CA and issue yourself a certificate. This can be done without a lot of effort using openssl, for example.)
However, for some applications the system could potentially get hardened to a certain degree, using the web-of-trust approach.
What exactly does this buy you? The SSL certification authority system has as its only (but useful) redeeming value that one can connect to www.somecompany.com and have some level of confidence that the SSL certificate presented by that site was actually issued to www.somecompany.com and was issued by a "reputable" certification authority -- one that presumably will not hand out a certificate stamped www.somecompany.com to creditcardscammer@blackhat.net. If the certificate presented is not from one of the recognized "reputable" CAs built into your web browser, SSL itself will still work, but your web browser will pop up a box saying that the CA is not in its list of "reputable" CAs (and BTW "would you like to connect anyway? yes/no"). I don't understand the mindless worship of the "web of trust". PGP (/GPG) is a useful tool, but the "web of trust" is simply a way of "certifying" a key in a non-centralized, non-hierarchical way. -- Frondeur
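As an added example (not code from this thread), the "create your own CA" step from the reply above and the browser-style trust-store check, done with the openssl command line; the CA names and the www.somecompany.com host are placeholders I chose, and the script only needs the openssl tool.

```shell
#!/bin/sh
# Added example: a private CA built with openssl; not code from the thread.
# "My Own CA", "Some Other CA" and www.somecompany.com are placeholder names.
WORK="${WORK:-$(mktemp -d)}"

# Create a CA: a self-signed certificate whose key will sign other certificates.
make_ca() {                       # $1 = file prefix, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" -subj "/CN=$2" 2>/dev/null
}

# Issue a server certificate. The server keeps its private key; the CA only
# signs the server's public key, which is the point made in the reply above.
issue_cert() {                    # $1 = CA prefix, $2 = server prefix, $3 = hostname
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/$2.key" \
    -out "$WORK/$2.csr" -subj "/CN=$3" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 365 -out "$WORK/$2.crt" 2>/dev/null
}

# What a browser does with its built-in CA list: check that the presented
# certificate chains to a CA it trusts. Prints "ok" or "untrusted".
verify_against() {                # $1 = trusted CA prefix, $2 = server prefix
  if openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1; then
    echo ok
  else
    echo untrusted
  fi
}

make_ca mine "My Own CA"
make_ca other "Some Other CA"
issue_cert mine site www.somecompany.com
echo "trust store = mine : $(verify_against mine site)"    # ok
echo "trust store = other: $(verify_against other site)"   # untrusted
```

The second check is the "CA is not in its list" situation from the reply: the certificate is well-formed and SSL would still work, but nothing in the trust store vouches for it.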