Re: [therightkey] DNSNMC deprecates Certificate Authorities and fixes HTTPS security

Phillip Hallam-Baker <hallam@gmail.com> Mon, 16 December 2013 02:21 UTC

On Sun, Dec 15, 2013 at 8:50 PM, Tao Effect <contact@taoeffect.com> wrote:

> And for someone who is accusing others of being 'fraudulent', not a good
> move to start off repeating figures already exposed as bogus like the oft
> repeated but still untrue claim of 600 CAs.
>
>
> I thought the EFF was a reputable source.
>
> There has been no update or correction to their post:
> https://www.eff.org/deeplinks/2011/10/how-secure-https-today
>

Which kind of calls their credibility into question. HALF the 'CAs' in
their graph are from the DFN root. You can check that out for yourself, it
is a German CA that issues certs to higher education institutions. As has
been demonstrated (and agreed by the EFF people), DFN do not sign certs for
key signing keys they do not hold.

You can't calculate the number of CAs the way the EFF tried to. An
intermediate certificate does not equate to a CA. Pretending it does to
peddle an alternative PKI scheme calls into question their veracity.

I have tried to get members of the EFF board to look into this but they
never get back. Too much trouble to get it right.


> Tying the notary log to namecoin seems to be completely pointless to me,
> unless the real objective is to promote namecoin. Why hook into namecoin
> rather than the market leader?
>
>
> What market leader?
>

I was under the impression that Bitcoin was the preferred currency of
libertopia. It is the only one that gets mention in the mainstream press.
It is not clear to me how namecoin can be part of Bitcoin and another
currency.



> Given the success of the US government in shutting down eGold type schemes
> I am very skeptical about the stability of 'namecoin'. If we accept the
> purported scenarios that motivate the scheme then namecoin won't last very
> long.
>
>
> What eGold scheme are you comparing Namecoin to?
>

Gold Age, eGold, Liberty Reserve. All the ones that were taken apart by the
Feds.



> Are you sure you know what you're talking about here...? ;-)
>

I must admit that I find the scheme completely confused, and it assumes that I
know a lot that I do not.

I might be a little more inclined to make an effort if you hadn't attacked
me as being 'fraudulent' in your opening.


-- 
Website: http://hallambaker.com/