29 Oct
2013
29 Oct
'13
5:50 a.m.
On 2013-10-28 23:21, Mike Hearn wrote:
By the way, the evidence from the Snowden case rather reinforces the strength of the CA system. Did we see stories about bulk usage of fake certificates? No.
The problem with the CA system is not so much governments getting at it, as that client certificates are user hostile, and x.509 namespace confusing and misleading. If banks have their name space messed up, what chance do ordinary users have? You are going to need servers that curate reputational information. Let them name the public keys.