Jonkman Microblog

Conversation

  1. therubackup (therubackup@theru.xyz)'s status on Monday, 20-Nov-2017 10:09:38 EST
    Bye bye Startssl/start.com http://www.securityweek.com/startcom-ca-shut-down-after-ban-browser-vendors
    In conversation Monday, 20-Nov-2017 10:09:38 EST from theru.xyz
    1. Bob Jonkman (bobjonkman@gs.jonkman.ca)'s status on Monday, 20-Nov-2017 10:56:00 EST
      This makes a number of excellent illustrations of why the entire PKI system is broken. 1) Browser vendors wield power out of all proportion to their contribution to PKI. The same SSL certs banned by browsers can also be used for e-mail, XMPP, PBXes, &c. 2) A rogue Certificate Authority can poison the entire PKI with falsely issued certificates. Yes, there exists OCSP to ensure a cert doesn't change, but a) some major websites change their certs frequently (hello, Google!), and b) Trust On First Use could still trust the bogus cert if it gets seen before the legit cert.
      In conversation Monday, 20-Nov-2017 10:56:00 EST from web

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.
