
Re: authenticated archives, was https

2011-08-29 11:03:44
On Aug 27, 2011, at 7:30 PM, Hector Santos wrote:

> Keith Moore wrote:
>> On Aug 27, 2011, at 10:31 AM, John Levine wrote:
>>> TLS for session privacy is nice, but I find negligible value in a
>>> little lock icon in my browser that means only that one of the several
>>> dozen cert issuers configured into my browser, most of whom I've never
>>> heard of, and many of whom aren't even the organization in the cert
>>> name, signed something.
>> +1.  IMO browser vendors have made TLS nearly useless for web browsing by
>> including so many default CAs; some with dubious integrity, and a few with a
>> demonstrated lack of integrity.
>
> Interesting viewpoint.  Are you advocating for a monopoly or oligopoly
> centralization?

no, replacing one flawed model with another won't help.

the root problem is that users are being expected to extend trust to whatever 
set of CAs the browser vendors find "convenient", and browser vendors can be 
influenced/coerced in these choices by various means.

but it's not as if users are in a better position to decide which CAs are 
trustworthy.

