[cryptography] ssh-keys only and EKE for web too (Re: preventing protocol failings)
James A. Donald
jamesd at echeque.com
Thu Jul 14 01:04:46 EDT 2011
> Ian G wrote:
> > The chances of them approving or agreeing to EKE are next to nil.
> > The problem with Mozilla security
> > coding is more this: most (all?) of the programmers who work in that
> > area are all employees of the big software providers. And they all
> > have a vested interest in working for the status quo, all are opposed
> > to any change.
On 2011-07-14 10:41 AM, Brian Smith wrote:
> * https://wiki.mozilla.org/Identity/Features/Verified_Email_Service
> * https://wiki.mozilla.org/Security/DNSSEC-TLS
> * http://firstname.lastname@example.org/msg10018.html
Perhaps you think these links suggest that mozilla is not in the pocket
of the CAs, in that some people at mozilla are attempting to make DNSEC
But they are going to make it useful by making the DNS into a super CA.
You are still going to have to buy your certificate from an existing
CA, and the DNS system will bless it.
This like designing a bicycle with three and half wheels. Any
restructuring that makes DNSSEC useful would make the CAs useless. The
goal of their design is not to make DNSSEC useful, but to make it useful
in a fashion that does not harm the CA business model.
More information about the cryptography