[cryptography] GlobalSign temporarily ceases issuance of all certificates

Ian G iang at iang.org
Thu Sep 8 07:33:57 EDT 2011



On 08/09/2011, at 11:31, Lucky Green <shamrock at cypherpunks.to> wrote:

> The SSL/public CA model did an admirable job in that regard and Taher
> ElGamal and Paul Kocher deserve full credit for this accomplishment.

As long as we can document that original model, I'm inclined to agree.


> SSL's design goals explicitly excluded protection against national
> government security and law enforcement entities. Indeed, SSL original
> design contains a wide selection of features exclusively geared towards
> facilitating interception by governmental entities. RC4-40 being one
> such feature.

Reverse engineering the design strongly suggests this requirement. What we lack is evidence.

> With 40-bit crypto as the designated burst plate, there was no sound
> engineering reason to fortify the rest of the plumbing to withstand the
> pressures generated by national government level adversaries.

Is there any documentation that bears this out? Any testimony?

It would be useful to have, as the meta-CAs have struggled to publically document requirements here, and thus created unnecessary wheel-spinning ... Eg the CNICC affair.


Iang


More information about the cryptography mailing list