[ZS] Why centralized infrastructure doesn't work

Bryce Lynch virtualadept at gmail.com
Tue Jun 5 06:43:34 PDT 2012

On Tue, Jun 5, 2012 at 2:51 AM, Rüdiger Koch
<rudiger.koch at googlemail.com> wrote:
> http://news.slashdot.org/story/12/06/04/1211206/microsoft-certificate-was-used-to-sign-flame-malware

SSL and CAs being completely b0rked out of the gate and all that...
#include Moxie Marlinspike's talk last summer.

> imagine such an incident in something that's really important - such as a
> payment infrastructure. I think this goes to show that *anything* that
> relies on trust authorities must be avoided like the plague.

Centralized SSL authorities being compromised has been a problem for
nearly five years now.  Plus, there is no way of knowing how many
"*.*" certs are floating around out there because they're just files
that can be copied.

Also, there are CAs which will sell *.* MITM-capable certs to whomever
is willing to pay for them because they are then loaded into "loss
prevention" devices to look for data exfiltration.  So, on that front
the battle's already lost because one corporation's MITM cert is
another's surveillance tool.

Has convergence.io gotten any easier to use, or does it still have a
certificate-hairball heart attack the first time one runs a Google

The Doctor [412/724/301/703] [ZS]
"I am everywhere."

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
