Foiling MITM attacks on source and ports trees

Chad Perrin perrin at apotheon.com
Wed Jan 7 07:23:27 UTC 2009


On Tue, Jan 06, 2009 at 11:11:52AM -0900, Mel wrote:
> On Tuesday 06 January 2009 10:31:26 Chad Perrin wrote:
> >
> > Out-of-band corroboration of a certificate's authenticity is kind of
> > necessary to the security model of SSL/TLS.  A self-signed certificate,
> > in and of itself, is not really sufficient to ensure the absence of a man
> > in the middle attack or other compromise of the system.
> >
> > On the other hand, I don't trust Verisign, either.
> 
> In the less virtual world, we only trust governments to provide identity 
> papers (manufactured by companies, but still the records are kept and 
> verified by a government entity).
> Instead of trying to regulate the internet and provide a penal system, 
> governments would do much better taking their responsibility on these issues. 
> It shouldn't be so hard to give every citizen the option to "get an online 
> certificate corresponding with their passport" and similarly for Chambers of 
> Commerce to provide certificates for businesses.

My distrust of the certifying authority is not mitigated by replacing
Verisign with FedCorp.  Institutional incompetence is typically a result
of bureaucracy -- and even major corporations don't get as mired in
bureaucracy as government.

-- 
Chad Perrin [ content licensed OWL: http://owl.apotheon.org ]
Quoth Bill McKibben: "The laws of Congress and the laws of physics have
grown increasingly divergent, and the laws of physics are not likely to
yield."

More information about the freebsd-questions mailing list