Am 14.04.2016 um 00:54 schrieb Sebastian: >> The browser developers have just decided that the trust relationship >> architecture of the virtual world will be driven by the copyright >> dinosaurs from now on, by pulling off platform support from under those >> who were experimenting with building meaningful trust models with the >> admittedly few tools we already had. >> [...] >> The sociological and political fabric of society fundamentally depends >> on our communication abilities. The future of our communication >> abilities in turn depends on the communication platforms and the trust >> relation models they support. > > That's true. But the keygen element is flawed by the known-broken CA > system(*) and you can't build a secure house on a broken foundation. You > could check whether the certificate for your site is issued by your CA, > but if the can issue certificates they could simply attack your browsers > updater. Our only hope for truly secure communication are tools like pgp > combined with anonymity through for example TOR or freenet (not the ISP) how do you come to the conclusion that you need any 3rd party CA for a client certificate which you accept on your server?
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment