[Freedombox-discuss] Debian as though cryptographic authentication mattered Questions
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Aug 5 20:07:28 UTC 2011
On 08/05/2011 04:01 PM, Melvin Carvalho wrote:
> In general it would be fair to say WebiD has a dependency on DNS but
> so does email email. In both systems there are cases where you can
> work without DNS.
>
> Unsure of the supposed dependency of the CA Cartel, given that
> certificates are self signed. Perhaps I'm missing something, tho.
Barring a functional DNSSEC+DANE implementation (which no one seems to
have running in the real world yet to my knowledge), there is a
dependency on the CA Cartel to verify the certificates of the web
servers involved.
I'm assuming, of course, that the web servers use HTTPS; otherwise, a
network attacker could simply hijack the connections to the server directly.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110805/c6ae6545/attachment.pgp>
More information about the Freedombox-discuss
mailing list