[cryptography] GlobalSign temporarily ceases issuance of all certificates
iang at iang.org
Thu Sep 8 07:33:57 EDT 2011
On 08/09/2011, at 11:31, Lucky Green <shamrock at cypherpunks.to> wrote:
> The SSL/public CA model did an admirable job in that regard and Taher
> ElGamal and Paul Kocher deserve full credit for this accomplishment.
As long as we can document that original model, I'm inclined to agree.
> SSL's design goals explicitly excluded protection against national
> government security and law enforcement entities. Indeed, SSL original
> design contains a wide selection of features exclusively geared towards
> facilitating interception by governmental entities. RC4-40 being one
> such feature.
Reverse engineering the design strongly suggests this requirement. What we lack is evidence.
> With 40-bit crypto as the designated burst plate, there was no sound
> engineering reason to fortify the rest of the plumbing to withstand the
> pressures generated by national government level adversaries.
Is there any documentation that bears this out? Any testimony?
It would be useful to have, as the meta-CAs have struggled to publically document requirements here, and thus created unnecessary wheel-spinning ... Eg the CNICC affair.
More information about the cryptography