[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk

To: list@xxxxxxxxxxxxx
Subject: Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk
From: Martijn Grooten <sweetwatergeek@xxxxxxxxx>
Date: Sun, 28 Apr 2013 22:50:15 +0100
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:mime-version:in-reply-to:references:from:date:message-id :subject:to:content-type; bh=FfyTq1sqSzZsKE4wbkKZ1/DumhRilqi2Uqz5kiK3s2s=; b=rHlVZvxnpiuDLjf3jrz8V+Gs1aWtBzLhUNK1qzGq4Cy8z5H9ik2TKigDsGnB8v8knX UodwJrCfmiekI1MwPuQrS2qzVcNO7khZdRqmxirA8KF5CxOSUL+aPG7XcGQdek5kXHtr B/spEQVHcdNNDv/ccU3VTUoA3Q8CUQyMSXVV0JinZhOEagqH+F0Sek4VT8qv0spYWXUK nPGT8fgOMR262gUlfLqFlmBm/E3lOAlXl065Uavz+a/29VivChCksY75KWY5obntsGdt M/crZOUww4tCncstTU+78T2sOJ2TaBculF6ydoJth0vhtAwNKjkRpGkNLrl8v9cqwsXK Vx0g==

On Sun, Apr 28, 2013 at 10:40 PM, bad apple wrote:
> Also, DNSSEC must be implemented everywhere at the first possible
> opportunity, if not sooner.

While I'm in favour of DNSSEC, I'm somewhat worried by a remark I
heard around the time of, I believe, the Diginotar hack* when everyone
was told to delete some CAs from their browser and someone said:
DNSSEC is like HTTPS, except you don't have the possibility to
manually revoke the certificates if they get compromised.

Now I don't believe manual revocation would be a good solution anyway,
but it did make me think.

* Diginotar was a Dutch certificate authority (CA) that got hacked
into by some Iranians (with little effort), who created certificates
for Google and others, that they used to read the emails of opposition
activists.

Martijn.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

References:
- [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Martijn Grooten
- Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Simon Avery
- Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Brad Rogers
- Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Martijn Grooten
- Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Brad Rogers
- Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Martijn Grooten
- Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Brad Rogers
- [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk
  - From: Simon Waters
- Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk
  - From: bad apple

Prev by Date: Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk
Next by Date: Re: [LUG] Avatars and advertising
Previous by thread: Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk
Next by thread: Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk
Index(es):
- Date
- Thread