Re: [openpgp] Manifesto - who is the new OpenPGP for?

Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 26 March 2015 01:23 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/ggFPJEYZgmDGYxCLc_mR1U74Es4>

Christoph Anton Mitterer <calestyo@scientia.net> writes:

> inherently broken (unless of course one trusts the Mozilla CAs, e.g.
> turktrust and CNNIC O:-) )

I've always wondered, what do people have against these two certificate
vending machines in particular?  Given that other vending machines trusted by
Mozilla have done all manner of bad things (selling certs to phishers and
other criminals, selling certs for things like apple.com to multiple people
who asked for them, selling thousands upon thousands of certs for internal,
unqualified, and RFC 1918 domains/addresses, etc), why the hostility directed
at these two?  They're vending machines like any others, and what they did
seems to be genuine slip-ups rather than, for example, supplying certs to
Russian organised crime as other vendors have done.

It seems like a second informal requirement for being in a browser, alongside
"Don't sell only a small number of certs" (to meet the TB2F criteria required
by browsers if something goes wrong) is "Don't be Chinese or Arab/Persian/
Turkic".  I don't know if any Russian/Byelorussian/Ukrainian/*stani vending
machines are present in browsers, but I'm guessing being one of those won't be
easy either.

Peter.