[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Giving Hidden Services some love
On Sun, 04 Jan 2015 13:31:17 -0800
"Jesse B. Crawford" <jesse@xxxxxxxxxxxxx> wrote:
> On 2015-01-04 02:37, Peter Tonoli wrote:
> > EV certificates don't fix any problem. The validation of a 'legal
> > entity' is purely due to an agreed policy. A rogue, compromised, or
> > alternate CA could release certificates with EV fields that don't
> > 'rigorously' validate the organisation that applies for the
> > certificate.
>
> I am assuming here that users trust CAs - I think a fair assumption
> for practical purposes since this is the foundation of the current
> open-internet system.
I'm not sure that is a fair assumption; Comodo for example. Purely
because today a lot of secure communication relies on CAs, I don't
think is a reason to continue along the same path and not look into
alternatives.
> Fixing the problem in a general way is a much
> more ambitious goal than just extending this assurance to Tor.
I 100% agree the CA issue is a much bigger one than this conversation,
but the situations *are* different.
Saying that, I do understand the "architectural
considerations" (-Facebook) that some large companies might have.
--
Matthew Puckey
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk