Nice! Now, if they could package up a plugin or a new root list such
that we could write in 2 lines what busy sysadms had to do, I'd say it
would make a great recommendation.
=20
What I'm trying to get away from is the notion that we should put a
simply list in the doc and say "oh, and strip these out! You know
how, vi is your friend..."
Yea. That won't work at all, there's no clear authority [sic!] on who
can decide a CA is not trustworthy. Experience has to show that, and in
cates From Trust, Stores
References: <5328EE7F.9070503@azet.org> <5328F7FC.5060802@iang.org>
In-Reply-To: <5328F7FC.5060802@iang.org>
X-Enigmail-Version: 1.2.3
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="------------enig2D2852BFD85FEBF952C9CE4C"
Cc: cpunks
X-BeenThere: cypherpunks@cpunks.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: The Cypherpunks Mailing List
List-Unsubscribe: https://cpunks.org/mailman/options/cypherpunks,
mailto:cypherpunks-request@cpunks.org?subject=unsubscribe
List-Archive: http://cpunks.org/pipermail/cypherpunks/
List-Post: mailto:cypherpunks@cpunks.org
List-Help: mailto:cypherpunks-request@cpunks.org?subject=help
List-Subscribe: https://cpunks.org/mailman/listinfo/cypherpunks,
mailto:cypherpunks-request@cpunks.org?subject=subscribe
X-List-Received-Date: Wed, 19 Mar 2014 03:52:41 -0000
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig2D2852BFD85FEBF952C9CE4C
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Hi Ian,
ianG wrote:
that case a lot of the big CAs will fail an evaluation. If you ask me,
it's pretty easy, my list of trusted CAs is empty. Automated generation
of lists of CAs that are simply unused is just the first step. I think
certificate-transparency is a good way to do that, the rest is basically
automation. For example: one can provide chef, puppet, ansible recipies
for linux and mac clients, a similar solution for windows and mobile
devices should also be doable.
Aaron
--------------enig2D2852BFD85FEBF952C9CE4C
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIcBAEBAgAGBQJTKRQqAAoJEOTbZJL9ubXVB2cQAMCC6nlPTgUn86bCXi8ny+uk
noYKI7XXHq0Hzl/f3Hd67oAXEX9wNh1znSBRYJ3sfSd5dgeyTfhn6NIITjdzqGc1
+1yAmyIn7Q8/+lDgSEPdsTDKFXqiTtQj9iK6t+/Ul6/l34movetvYBBI85f9yO96
4swk7obaqpRqkziVoUt0K2lopYrCxXHK7hVkXmwXgt1UlyccODHy2fWO3QWl8SWw
xmrQlCJ+BGuYiV2mNFZe9w5etLwGX7wiR4xpaAHXoYZL6Kt2f//fmdb+pWnq8lE/
/NxmAQlDboPBB39uPhhsUtbrwOUS/4ZFqiA3tUSgcYZMGxYPWoUkkJpuccpWhYMf
psaWrZmhz0CoL9FPiKngscv9DNAMIHfOOa0Ynku4RfBvO2Q/4F1JrW4epwCJuQiK
kxKDjD2+pQ/UdIlIWSdylskaVZV+qsKWBa+4oBbGQYz9DXLgYwaPh7p6QzRcZGvA
sP3p6t+aluUqCtc11cgiKfCfLs8uezTNQUYrrlu4E1G3IXkMPMmSOuheiwu+sRCJ
BSlP/ys/FihB6J6EsC4i7AkLK8Ws1vfarCZDdycA++lr63Uoj0LEYv8/nTgg/GNj
ZaDmuGO1sBMwEEH0nTyBDk2fJryOFjiGzzdzmEuk7fAWD6tY16mqYUptqlDmphz/
79u6Uftx8nNa3u099JBL
=7ty+
-----END PGP SIGNATURE-----
--------------enig2D2852BFD85FEBF952C9CE4C--