[cryptography] Math corrections

Chris Palmer snackypants at gmail.com
Wed Sep 21 14:48:30 EDT 2011


On Wed, Sep 21, 2011 at 11:30 AM, ianG <iang at iang.org> wrote:

> It's a good term!  Add my use:  There is a universal implicit
> cross-certification in the secure browsing PKI, and the industry knows it,
> or should know it.
>
> Indeed, we can show evidence of this in Chrome's CA pinning.

I had assumed everyone understood that universal implicit
cross-certification — or, from another point of view, the lack of
constraints on a signer's authority, such as name constraints or
jurisdictional constraints — was the most burningly obvious problem in
browser PKI. (The clown-town semantics of X.509 are a close second, of
course.)

But, then, I also assumed that the usability failure was apparent to
everyone as well — K6 indeed! (Can you imagine soldiers under fire
trying to figure out if their browser is talking to the right HQ?
Makes flipping to the right page in the OTP codebook seem trivially
easy by comparison.)


-- 
"These days, though, you have to be pretty technical before you can
even aspire to crudeness." — William Gibson


