[Info-vax] [OT] Zero trust software, was: Re: Rethinking DECNET ?
Bill Gunshannon
bill at server3.cs.scranton.edu
Wed Sep 3 08:42:49 EDT 2014
In article <54066d95$0$35068$c3e8da3$460562f1 at news.astraweb.com>,
JF Mezei <jfmezei.spamnot at vaxination.ca> writes:
>
>>> What are the advantages, and disadvantages, of using purchased
>>> certificates vs the ones you can generate yourself?
>
> With a purchased certificate from say Verisign, the other peer can check
> with Verisign the authenticity of your certificate before proceeding
> with communication. (aka: make sure you are who you say you are).
What good is that if the certificate authority has deliberately compromised
the certificate, like VeriSign?
>
> With self signed certificate, there is no way to check authenticity of
> the certificate, so you could be an imposter masquerading as someone else.
I know that when I use a certificate I generated it is secure. Can I
say the same thing about a third-party certificate?
>
>
>> Self-signed certificates remove a possible attack vector for the NSA.
>
> Yep. But this is a new advantage now that we know that commercial
> certificates, formerly seen as far more secure, are compromised by the NSA.
Not compromised by the NSA. Compromised voluntarily by the certificate
authority that everyone else seems willing to trust. I have never seen
any reason to trust them and my scepticism has been vindicated.
bill
--
Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
billg999 at cs.scranton.edu | and a sheep voting on what's for dinner.
University of Scranton |
Scranton, Pennsylvania | #include <std.disclaimer.h>