potential new IETF WG on anonymous IPSec

Justin justin-cypherpunks at soze.net
Fri Sep 17 22:00:48 PDT 2004


On 2004-09-17T19:27:09-0700, Major Variola (ret) wrote:
>
> At 06:20 AM 9/17/04 +0000, Justin wrote:
> >On 2004-09-16T20:11:56-0700, Major Variola (ret) wrote:
> >> At 02:17 PM 9/16/04 -0700, Joe Touch wrote:
> >> >Except that certs need to be signed by authorities that are trusted.
>
> >> Name one.
> >
> >Oh, come on.  Nothing can be absolutely trusted.  How much security is
> >enough?
> >
> >Aren't the DOD CAs trusted enough for your tastes?  Of course, 'tis
> >problematic for civilians to get certs from there.
>
> DoD certs are good enough for DoD slaves.  Hospital certs are good
> enough for their employees.  Joe's Bait Und Tackle certs are good enough
> for Joe's employees.  Do you think that Verislime is good enough for
> you?

No, verislime is not good enough for me, for ethical reasons, not
security reasons.

What's good enough for most businesses is anything that keeps customers
from seeing self-signed cert warnings.  Given the choice, I'd pick
geotrust over no-thawte or verislime.

The only reason they're in business is because of browser warnings.  It
has nothing to do with "physical security" offered by the CA, or threat
models, or anything of that sort.

For e-commerce, nobody needs high security.  Anyone using a
high-credit-limit account online without a liability limit in case of
account theft is a moron.

--
The old must give way to the new, falsehood must become exposed by truth,
and truth, though fought, always in the end prevails.  -- L. Ron Hubbard




