[cryptography] Another data point on SSL "trusted" root CA reliability (S Korea)

Bushmanov Romanov bakdafu at gmail.com
Thu Sep 22 11:30:58 EDT 2011


Let's be honest, without any mathematical/design/architectural
assumptions, about the current PKI practical context. One of the
weakest links of PKI is trust delegation to some sort of government
based legislated system. As said, somewhere on this mailing list, CAs
are companies in those same legislative ecosystems. This should be
seen if you study the current "View of certificates" you get from
popular endpoints using different geographic locations. Cross
correlating this with the current PKI CAs/Delegations Trust network
should give us a hint that effectively governments are monitoring the
People. I think we should make an effort, in the name of freedom, and
study this more carefully and as soon as possible. SSL Observatory from
EFF is a step forward but we need more.

1 - We need data on the details of certificates obtained from
different geographic/government locations when pointing to popular
endpoints such as Google, Facebook and so on
2 - We need to map/take into account clustered endpoints, like Google,
when doing this, since certificates differ in the clusters.
3 - Sitting ourselves in different geographic locations when performing
data collection should be done using different methods (use of
proxies, people from different countries submitting their certificate
views..???).






On Thu, Sep 22, 2011 at 10:38 AM, Ralph Holz <holz at net.in.tum.de> wrote:
> Hi,
>
> Sorry, but this is too good. This is the Bavarian tax office, and ELSTER
> is the government's tax software:
>
> C=DE, ST=Bayern, L=Muenchen, O=Bayerisches Landesamt fuer Steuern -
> Dienststelle Muenchen, OU=ELSTER, CN=Elster HTTPS-Client, 41
>
> I seem to live in the country of offenders.
>
> Ralph
> --
> Dipl.-Inform. Ralph Holz
> I8: Network Architectures and Services
> Technische Universität München
> http://www.net.in.tum.de/de/mitarbeiter/holz/
>
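The cross-vantage comparison proposed in points 1 to 3 of the message, as an added example that is not part of the original post: it groups certificate observations per endpoint and separates issuer changes from the leaf-certificate differences that clustered endpoints produce on their own. The tuple layout, vantage names, hostnames, fingerprints and issuer names are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample observations (not real measurements):
# (vantage point, endpoint, leaf certificate fingerprint, issuer DN)
OBSERVATIONS = [
    ("vantage-A", "www.example.com", "fp-01", "CN=Example Issuing CA 1"),
    ("vantage-B", "www.example.com", "fp-02", "CN=Example Issuing CA 1"),
    ("vantage-C", "www.example.com", "fp-03", "CN=Other Root CA"),
    ("vantage-A", "mail.example.net", "fp-20", "CN=Example Issuing CA 1"),
    ("vantage-B", "mail.example.net", "fp-21", "CN=Example Issuing CA 1"),
    ("vantage-A", "login.example.org", "fp-10", "CN=Example Issuing CA 2"),
    ("vantage-B", "login.example.org", "fp-10", "CN=Example Issuing CA 2"),
    ("vantage-C", "login.example.org", "fp-10", "CN=Example Issuing CA 2"),
]


def compare_views(observations):
    """Classify each endpoint by how its certificate view varies by vantage."""
    by_host = defaultdict(list)
    for vantage, host, leaf_fp, issuer in observations:
        by_host[host].append((vantage, leaf_fp, issuer))

    report = {}
    for host, views in by_host.items():
        issuers = Counter(issuer for _, _, issuer in views)
        leaves = {leaf for _, leaf, _ in views}
        majority_issuer, _ = issuers.most_common(1)[0]
        # Vantages whose view was signed by someone other than the majority issuer.
        outliers = sorted(v for v, _, iss in views if iss != majority_issuer)
        if len(issuers) > 1:
            # Not proof of interception (sites may use several CAs),
            # but the case that needs manual review.
            status = "issuer-divergence"
        elif len(leaves) > 1:
            # Different leaf certificates under one issuer: typical of clusters.
            status = "cluster-variation"
        else:
            status = "consistent"
        report[host] = {
            "status": status,
            "majority_issuer": majority_issuer,
            "outlier_vantages": outliers,
        }
    return report


if __name__ == "__main__":
    for host, result in compare_views(OBSERVATIONS).items():
        print(host, result)
```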


