Re: [TLS] EU cards
Nikos Mavrogiannopoulos <nmav@gnutls.org> Fri, 29 July 2011 09:00 UTC
Return-Path: <n.mavrogiannopoulos@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1F1C21F84F6 for <tls@ietfa.amsl.com>; Fri, 29 Jul 2011 02:00:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level:
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c++7Ydjccprv for <tls@ietfa.amsl.com>; Fri, 29 Jul 2011 02:00:54 -0700 (PDT)
Received: from mail-pz0-f53.google.com (mail-pz0-f53.google.com [209.85.210.53]) by ietfa.amsl.com (Postfix) with ESMTP id A814321F8A6C for <tls@ietf.org>; Fri, 29 Jul 2011 02:00:54 -0700 (PDT)
Received: by pzk6 with SMTP id 6so5660026pzk.26 for <tls@ietf.org>; Fri, 29 Jul 2011 02:00:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=EVMW4wjBrweNfJl7TG5swEYdJ/X9aG+rl0zMoWbQtjA=; b=ex1zBYmW4hACtZy56SQZfrhe9sB+GjvM8pAOYvDl4aOd0ahusZ5D5Od473xc0qmW4z YkniJwBkKm3JYz5xAzW5dXsQ1pxXnoHAok+gQtfPJRh41zGG56kZzWSlimiw9YwJhgx6 VrSE/B3UTEJd2RsJTVunSuMayvvby756fUVxg=
MIME-Version: 1.0
Received: by 10.68.13.193 with SMTP id j1mr1652054pbc.384.1311930054198; Fri, 29 Jul 2011 02:00:54 -0700 (PDT)
Sender: n.mavrogiannopoulos@gmail.com
Received: by 10.142.156.16 with HTTP; Fri, 29 Jul 2011 02:00:54 -0700 (PDT)
In-Reply-To: <DB557E02-F20B-4775-980E-1010F1C6929F@bblfish.net>
References: <E1QmgO0-0006w9-NS@login01.fos.auckland.ac.nz> <4E326283.3030005@telia.com> <DB557E02-F20B-4775-980E-1010F1C6929F@bblfish.net>
Date: Fri, 29 Jul 2011 11:00:54 +0200
X-Google-Sender-Auth: jOan4tJbOiEAAj1HArCHvMHAbEo
Message-ID: <CAJU7zaJZX+NL-kNGkdpdCwy+V_aF=zGLtgidUxvd_OP72oLHWw@mail.gmail.com>
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
To: Henry Story <henry.story@bblfish.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: tls@ietf.org
Subject: Re: [TLS] EU cards
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jul 2011 09:00:55 -0000
On Fri, Jul 29, 2011 at 10:00 AM, Henry Story <henry.story@bblfish.net> wrote: > My take from this whole discussion is that PKI has been sold to unilaterally to one group of people. It has been sold to large banks and security heavy industries. They tend to make things more complicated, and their security people are too security conscious, having to deal with the most determined enemies. A good security profession in banks MUST like a good military man, be far from the daily family life. He is there to think about disasters, so that they don't happen, so that nobody should think about them. [...] > That is what http://webid.info/ offers. Start with the low hanging problems: passwords. Then move on to add technology piece by piece to move up the security ladder. This is the way technology works. Microsoft started with DOS and moved its way up to more and more secure versions of Windows - whatever you think of their OS you can't deny that that was a very successful strategy. If you are referring to PKI as in PKIX (X.509) then banks had nothing to do with it. Banks had their own set of standards that never took off. PKIX was based on a telecommunications standard, that evolved over the years as DOS in your example did. Many people think that this was a sucessful strategy as well, and some others think it is just ugly. regards, Nikos
- [TLS] HTTPS client-certificate-authentication in … Anders Rundgren
- Re: [TLS] HTTPS client-certificate-authentication… Henry Story
- Re: [TLS] HTTPS client-certificate-authentication… Anders Rundgren
- Re: [TLS] HTTPS client-certificate-authentication… Henry Story
- Re: [TLS] HTTPS client-certificate-authentication… Peter Saint-Andre
- Re: [TLS] HTTPS client-certificate-authentication… Anders Rundgren
- Re: [TLS] HTTPS client-certificate-authentication… Henry Story
- Re: [TLS] HTTPS client-certificate-authentication… Anders Rundgren
- Re: [TLS] HTTPS client-certificate-authentication… Anders Rundgren
- Re: [TLS] HTTPS client-certificate-authentication… Paul Wouters
- Re: [TLS] HTTPS client-certificate-authentication… Martin Rex
- Re: [TLS] HTTPS client-certificate-authentication… Henry Story
- Re: [TLS] HTTPS client-certificate-authentication… Peter Gutmann
- Re: [TLS] HTTPS client-certificate-authentication… Anders Rundgren
- Re: [TLS] HTTPS client-certificate-authentication… Martin Rex
- Re: [TLS] HTTPS client-certificate-authentication… Henry Story
- Re: [TLS] HTTPS client-certificate-authentication… Martin Rex
- Re: [TLS] HTTPS client-certificate-authentication… Anders Rundgren
- Re: [TLS] HTTPS client-certificate-authentication… Martin Rex
- Re: [TLS] HTTPS client-certificate-authentication… Daniel Kahn Gillmor
- Re: [TLS] HTTPS client-certificate-authentication… Peter Gutmann
- Re: [TLS] HTTPS client-certificate-authentication… Matt McCutchen
- Re: [TLS] HTTPS client-certificate-authentication… Anders Rundgren
- Re: [TLS] HTTPS client-certificate-authentication… Peter Gutmann
- Re: [TLS] HTTPS client-certificate-authentication… Henry Story
- Re: [TLS] HTTPS client-certificate-authentication… Henry Story
- Re: [TLS] HTTPS client-certificate-authentication… Anders Rundgren
- Re: [TLS] HTTPS client-certificate-authentication… Martin Rex
- Re: [TLS] HTTPS client-certificate-authentication… Anders Rundgren
- Re: [TLS] HTTPS client-certificate-authentication… Martin Rex
- Re: [TLS] HTTPS client-certificate-authentication… Henry Story
- Re: [TLS] HTTPS client-certificate-authentication… Anders Rundgren
- Re: [TLS] HTTPS client-certificate-authentication… Martin Rex
- Re: [TLS] HTTPS client-certificate-authentication… Henry Story
- Re: [TLS] HTTPS client-certificate-authentication… Henry Story
- Re: [TLS] HTTPS client-certificate-authentication… Martin Rex
- Re: [TLS] HTTPS client-certificate-authentication… Henry Story
- Re: [TLS] HTTPS client-certificate-authentication… Anders Rundgren
- Re: [TLS] HTTPS client-certificate-authentication… Peter Gutmann
- Re: [TLS] HTTPS client-certificate-authentication… Henry Story
- Re: [TLS] HTTPS client-certificate-authentication… Anders Rundgren
- Re: [TLS] HTTPS client-certificate-authentication… Stefan Winter
- Re: [TLS] HTTPS client-certificate-authentication… Anders Rundgren
- Re: [TLS] HTTPS client-certificate-authentication… Henry Story
- Re: [TLS] HTTPS client-certificate-authentication… Anders Rundgren
- Re: [TLS] HTTPS client-certificate-authentication… Henry Story
- Re: [TLS] HTTPS client-certificate-authentication… Peter Gutmann
- Re: [TLS] HTTPS client-certificate-authentication… Anders Rundgren
- Re: [TLS] HTTPS client-certificate-authentication… Henry Story
- Re: [TLS] HTTPS client-certificate-authentication… Peter Gutmann
- Re: [TLS] EU cards Anders Rundgren
- Re: [TLS] EU cards Henry Story
- Re: [TLS] EU cards Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] HTTPS client-certificate-authentication… Martin Rex
- Re: [TLS] EU cards Anders Rundgren
- Re: [TLS] EU cards Peter Gutmann
- Re: [TLS] EU cards Peter Gutmann
- Re: [TLS] HTTPS client-certificate-authentication… Peter Gutmann
- Re: [TLS] EU cards Anders Rundgren
- Re: [TLS] EU cards Henry Story
- Re: [TLS] EU cards Nikos Mavrogiannopoulos
- Re: [TLS] EU cards Yoav Nir
- Re: [TLS] EU cards Blumenthal, Uri - 0668 - MITLL
- Re: [TLS] HTTPS client-certificate-authentication… Wan-Teh Chang
- Re: [TLS] EU cards Henry Story
- Re: [TLS] HTTPS client-certificate-authentication… t.petch
- Re: [TLS] HTTPS client-certificate-authentication… Peter Gutmann
- Re: [TLS] HTTPS client-certificate-authentication… Martin Rex