[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk

To: DCLUG ML <list@xxxxxxxxxxxxx>
Subject: Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk
From: Brad Rogers <brad@xxxxxxxxxxxx>
Date: Mon, 29 Apr 2013 15:15:54 +0100
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAALVBMVEU7WWtAXm9jRlZUSltsfYZKU2Q6WWt1OUhFMUA9V2mINUVDVWdPT19sPk0FGSbRtoAuAAAAkElEQVQ4jWN49+7dszQsgOGJiwd2iXfv+nBJvJuGVQKb4KgE1SV4bxdNYlfAIsG1ZrHVrpXYJJYuXmWFTSI1Uic6+BhWy5PUcLgqfTUOiazFOCRST2OVYL9zSD1IE4vErEVa2J07a9HyVaewSeQcOBm9NQCr5WkJOFyFAkYlKJaY9w6HxIwduCQ6GASxgnnvAK8U0MY7KDuAAAAAAElFTkSuQmCC

On Sun, 28 Apr 2013 22:00:55 +0100
Simon Waters <simon@xxxxxxxxxxxxxx> wrote:

Hello Simon,

>The certificate authorities all do some sort of check aside from taking
>your money.

Yes;  My cynicism was shining through at the time.

>The issue is you are reliant on the security, integrity and checks of
>the weakest of the certificate authorities that your browser trusts.
>
>So the list doesn't scale well, and currently in my browser has a lot of
>entries. Apparently my browser trusts Vodaphone, and Versign, Google,

Google really screw themselves with SSL certs, rolling them out over
time across their mail servers so you get warnings(1) about certificate
validity. I don't trust them to do anything else right, either.

(1) Depends on your MUA and how you set it up.  Several seem to accept,
by default, anything google throws at them, which is a worry.

-- 
 Regards  _
         / )           "The blindingly obvious is
        / _)rad        never immediately apparent"
Keep your drink just give em the money
U & Ur Hand - P!nk

Attachment: signature.asc
Description: PGP signature

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

Follow-up: Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk
- From: Martijn Grooten

References:
- [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Martijn Grooten
- Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Simon Avery
- Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Brad Rogers
- Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Martijn Grooten
- Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Brad Rogers
- Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Martijn Grooten
- Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Brad Rogers
- [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk
  - From: Simon Waters

Prev by Date: Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
Next by Date: Re: [LUG] Specialties
Previous by thread: Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk
Next by thread: Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk
Index(es):
- Date
- Thread