[Top] [All Lists]

Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogueCAcertificate

2009-01-08 13:32:55

Folks: is rehashing the blue-sky discussions of how to create a better trust 
model for SSL without a stable proposal to look at really a good use of the the 
CFRG, SAAG, S/MIME, and PKIX mailing lists?

If you want to be serious about this, please write an Internet Draft and set up 
a mailing list for the discussion. Invite people from these lists to join, and 
maybe announce revisions to your draft. Be sure to invite people from the 
Mozilla security community: they are having their own (perpetually repeating) 
discussion of this, again without a stable document to comment on.

We *can* change the security model, but not with the current method of 

--Paul Hoffman, Director
--VPN Consortium