Re: [TLS] TLS, PKI, and web security. Was: Eleven out of every ten SSL certs aren't valid

"Jeffrey A. Williams" <jwkckid1@ix.netcom.com> Tue, 13 July 2010 21:21 UTC

To: Bruno Harbulot <Bruno.Harbulot@manchester.ac.uk>, tls@ietf.org
Cc: graves.spindler@dhs.gov

Bruno and all,

  Good point, Bruno.  Still, though, Robert's right here.
Additionally, there are also service providers of various
types that are their own CA as well that may or may not
be a contributor to issuing invalid certs.


-----Original Message-----
>From: Bruno Harbulot <Bruno.Harbulot@manchester.ac.uk>
>Sent: Jul 13, 2010 12:51 PM
>To: tls@ietf.org
>Subject: Re: [TLS] TLS, PKI, and web security. Was: Eleven out of every ten SSL certs aren't valid
>
>
>
>On 13/07/10 17:40, Robert Relyea wrote:
>> The real problem, of course, is those sites that don't have valid certs.
>> Continuing to ratchet down the ability to get to those sites is good for
>> the internet as a whole. Sites with invalid certs are just as dangerous
>> for the internet as MITM sites.
>
>Then we're back on the possible subjective manner by which CA 
>certificates get into browsers by default. There are consequences in 
>terms of oligopoly, which might not be so good for the internet as a whole.
>
>
>Best wishes,
>
>Bruno.

Regards,

Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 300+k members/stakeholders and growing, strong!)