IETF Logo Mail Archive

Re: [therightkey] Barely-capable CAs

Rob Stradling <rob.stradling@comodo.com> Thu, 01 November 2012 18:52 UTC

Return-Path: <rob.stradling@comodo.com>
X-Original-To: therightkey@ietfa.amsl.com
Delivered-To: therightkey@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5219621F9393 for <therightkey@ietfa.amsl.com>; Thu, 1 Nov 2012 11:52:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.949
X-Spam-Level:
X-Spam-Status: No, score=-5.949 tagged_above=-999 required=5 tests=[AWL=0.650, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bZnznokh0kAv for <therightkey@ietfa.amsl.com>; Thu, 1 Nov 2012 11:52:42 -0700 (PDT)
Received: from mmmail1.mcr.colo.comodoca.net (mdfw.comodoca.net [91.209.196.68]) by ietfa.amsl.com (Postfix) with ESMTP id EE56021F9327 for <therightkey@ietf.org>; Thu, 1 Nov 2012 11:52:41 -0700 (PDT)
Received: (qmail 2924 invoked from network); 1 Nov 2012 18:52:40 -0000
Received: from ian1.brad.office.comodo.net (HELO ian.brad.office.comodo.net) (192.168.0.201) by mail.colo.comodoca.net with ESMTPS (DHE-RSA-AES256-SHA encrypted); 1 Nov 2012 18:52:40 -0000
Received: (qmail 31209 invoked by uid 1000); 1 Nov 2012 18:52:40 -0000
Received: from nigel.brad.office.comodo.net (HELO [192.168.0.58]) (192.168.0.58) (smtp-auth username rob, mechanism plain) by ian.brad.office.comodo.net (qpsmtpd/0.40) with (CAMELLIA256-SHA encrypted) ESMTPSA; Thu, 01 Nov 2012 18:52:40 +0000
Message-ID: <5092C4F7.1060908@comodo.com>
Date: Thu, 01 Nov 2012 18:52:39 +0000
From: Rob Stradling <rob.stradling@comodo.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:16.0) Gecko/20121026 Thunderbird/16.0.2
MIME-Version: 1.0
To: Paul Hoffman <paul.hoffman@vpnc.org>
References: <7500672F-5BDE-4EBE-ABC3-1AFEF2972D95@vpnc.org> <CABrd9SRa9Ye9gkjpaQ+PqQyay9NKJB__dkDwOBwPHvw16dkTRg@mail.gmail.com> <544B0DD62A64C1448B2DA253C0114146069D3FBAE8@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <CAOuvq22PMSq2sAmUBfJcWu6LhEdCA3jKteu38m4UuHbykp7xZw@mail.gmail.com> <544B0DD62A64C1448B2DA253C0114146069D5FC685@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <6DD8CB4F-1233-403D-A27E-F3F80310390F@vpnc.org> <544B0DD62A64C1448B2DA253C0114146069D5FC79B@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <508A48C5.9070005@comodo.com> <544B0DD! 62A64C1448B2DA253C0114146069D76E5FC@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <CABrd9STHtw__Wm30Z5T27mx8PMb-mScCSa-EZVDdeQvy_Rru1Q@mail.gmail.com> <544B0DD62A64C1448B2DA253C0114146069F66F830@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <CABrd9SSJWm_8BY9uN4D6=LmogwkNeLMZtJaOX2MQU1QuCHJwyg@mail.gmail.com> <80A8F0DC-C894-4299-AEC7-12B84A803E84@vpnc.org> <CAMm+Lwh2Qhv8eHtmy=KisShdJiLYe=ziyfezQELqqfu8y9H5qg@mail.gmail.com> <59E2ABDF-EF90-4BBF-BC45-048BF4C2B848@vpnc.org>
In-Reply-To: <59E2ABDF-EF90-4BBF-BC45-048BF4C2B848@vpnc.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "therightkey@ietf.org" <therightkey@ietf.org>
Subject: Re: [therightkey] Barely-capable CAs
X-BeenThere: therightkey@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <therightkey.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/therightkey>, <mailto:therightkey-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/therightkey>
List-Post: <mailto:therightkey@ietf.org>
List-Help: <mailto:therightkey-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/therightkey>, <mailto:therightkey-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Nov 2012 18:52:43 -0000

On 01/11/12 16:46, Paul Hoffman wrote:
> On Nov 1, 2012, at 9:29 AM, Phillip Hallam-Baker <hallam@gmail.com> wrote:
>
>> This is about barely capable sysadmins.
>>
>> Different problem.
>
>>From the perspective of the relying party (me, caring about making a secure connection to my bank), the problems are indistinguishable. A CA who retains a sysadmin who is barely capable

Paul, this is about barely capable sysadmins _at your bank_, not at the CA.

(Ben wrote "The process of participating in CT for a _server operator_ 
is...")

> deserves less trust than one who retains sysadmins who are capable.

Obviously I agree that CAs should retain capable sysadmins.

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

v2.23.0 | Report a Bug | By Email