Re: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security

Leif Johansson <leifj@mnt.se> Mon, 16 December 2013 14:54 UTC

Message-ID: <52AF1439.9050800@mnt.se>
Date: Mon, 16 Dec 2013 15:54:49 +0100
From: Leif Johansson <leifj@mnt.se>
To: Phillip Hallam-Baker <hallam@gmail.com>
References: <22429D73-4EFC-4091-8F5B-BAD38968EA54@taoeffect.com> <CAMm+LwiMXdEnHqD0y_S-fP6081Tk=A=7-9LsJQhRuawmmmfdTg@mail.gmail.com> <FEFA307D-97E0-4C58-AB43-5B9AB8E8FC70@taoeffect.com> <CAMm+Lwjwww28tV_qvqQVH3xo1xqvjb6z++258+LOqgxWn-Oh9w@mail.gmail.com> <D0008C27-16EE-41F9-954E-CA51536CD1F0@mnt.se> <CAMm+Lwh-vfvmPaRLQC-9cRyWgUaPmh77KzQU5afBaDc-jCNuEg@mail.gmail.com>
In-Reply-To: <CAMm+Lwh-vfvmPaRLQC-9cRyWgUaPmh77KzQU5afBaDc-jCNuEg@mail.gmail.com>
Cc: "therightkey@ietf.org" <therightkey@ietf.org>, Tao Effect <contact@taoeffect.com>
Subject: Re: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security

On 2013-12-16 15:31, Phillip Hallam-Baker wrote:
>
> On Mon, Dec 16, 2013 at 1:32 AM, Leif Johansson <leifj@mnt.se
> <mailto:leifj@mnt.se>> wrote:
>
>     16 dec 2013 kl. 03:21 skrev Phillip Hallam-Baker <hallam@gmail.com
>     <mailto:hallam@gmail.com>>:
>
>>
>>     On Sun, Dec 15, 2013 at 8:50 PM, Tao Effect
>>     <contact@taoeffect.com <mailto:contact@taoeffect.com>> wrote:
>>
>>>         And for someone who is accusing others of being
>>>         'fraudulent', not a good move to start off repeating figures
>>>         already exposed as bogus like the oft repeated but still
>>>         untrue claim of 600 CAs.
>>
>>         I thought the EFF was a reputable source.
>>
>>         There has been no update or correction to their
>>         post: https://www.eff.org/deeplinks/2011/10/how-secure-https-today
>>
>>     Which kind of calls their credibility into question. HALF the
>>     'CAs' in their graph are from the DFN root. You can check that
>>     out for yourself, it is a German CA that issues certs to higher
>>     education institutions. As has been demonstrated (and agreed by
>>     the EFF people), DFN do not sign certs for key signing keys they
>>     do not hold.
>>
>
>     yep, DFN is a 'private' sub-CA under tight control but it could
>     still be attacked the way DigiNotar was and though I believe their
>     security is a lot better than their less fortunate Dutch cousins, a
>     successful attack would be just as bad.
>
> That does not excuse
>
> 1) Failing to examine the issue when the DFN root accounted for half
> of the purported '600 CAs'
>
> 2) Continuing to count the DFN as 300 CAs when they know it is one.
>

agree

>
> Putting out sloppy research and then failing to correct it when a
> mistake is committed is the problem. If someone publishes a flawed
> study I expect them to withdraw it when the errors are pointed out. I
> don't expect them to say that they are going to continue to publish a
> number they know is out by a factor of at least 2 because getting a
> correct number would be too much work.
>
> If people are going to make pointed accusations about the
> trustworthiness of others then they had better not continue to
> knowingly publish false data.
>
> As with the 'Al Gore claimed to invent the internet' lie, this has
> become a zombie lie that is repeated to make a political point by
> people who don't really care if what they are saying is true or not.
>
> I think that is a problem. And I am going to continue to point out
> that the EFF is peddling a lie until they withdraw it.
>
> -- 
> Website: http://hallambaker.com/