[cryptography] Bonding or Insuring of CAs?

Adam Back adam at cypherspace.org
Fri Jan 25 20:16:23 EST 2013

I had the impression this list and its predecssor moderated (too heavily
IMO) by Perry were primarily about applied crypto.  So you get to tolerate a
bit of applied crypto security stuff if you're interested in crypto theory
and vice versa.  Seems healthy to me (cross informs both camps).

In terms of its practical significance I would disagree that this could
conceivably be off topic - the very underpinnings of all trust and security
of public key cryptography are seemingy coming unhinged due largely to
gross trust absuses by a few CAs (and who knows that there arent a few more
such explosive trust issues lurking in other CAs they managed so far to
keep from view).

Anything practical and theoretical to fix that would be in practice rather
important for the security of any X.509 cert using protocol.  ie BEAST
attacks and other SSL crypto attacks are by comparison while more
technically interesting of relative insignificance in terms of how security
guarantees have been in cases being stripped by rogue CAs and some

I do agree that list proliferation is bad  But at this stage dont we have it
all the noise ratio is very low by list standards?  (Those who were on the
unmoderated cypherpunks list in the old days know what I am talking about in
terms of signal to noise at the worst times).

About bonding that seems like potentially a good idea, in that as we have
seen from finance risks - the pure financial motive can and does commonly
lead to reckless behaviour which can risk the continued existance of a
company.  I'm not sure if it was clear there was a big element of this being
a deterrent that is not already in place though presuaby the threat of
having to declare bankruptcy to avoid liability is not something a CA wants
to do.


On Fri, Jan 25, 2013 at 04:31:35PM -0800, Paul Hoffman wrote:
>On Jan 25, 2013, at 4:11 PM, Natanael <natanael.l at gmail.com> wrote:
>> If somebody wants there to be a pure cryptography mailing list and separate more generic one (like this one currently is), I think that person would have to try starting a more strict crypto mailing list, because I don't think most people here would want the rules here to get stricter or that they would want to switch to a different list that would be just like this one is now.
>The off-list responses to my message would disagree with you.
>> We also don't want too many different lists.
>Some of "we" do. My question was to tease this out a bit.
>I'm happy to shut up about it if I'm in the minority, but the question that started this thread was a perfect example of something that is about security (actually, security operations), not cryptography, and yet gets brought up on this list more and more.
>--Paul Hoffman
>cryptography mailing list
>cryptography at randombit.net

More information about the cryptography mailing list