[cryptography] GlobalSign temporarily ceases issuance of all certificates

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Sep 8 01:28:50 EDT 2011


Ian G <iang at iang.org> writes:

  It is not a new observation that the original threat modelling had flaws you
  could drive a truck through :)

You forgot to mention what the SSL/browser PKI threat model actually is, as
first pointed out by some guy called Grigg:

  SSL/browser PKI is defined to be the solution.  
  The threat is defined to be whatever the solution addresses.

(I've termed it "The Inside-Out Threat Model".  Unfortunately quite common in
computer security).

Peter.


