[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] [GOATSE SECURITY] Clench: Goatse's way to say "screw you" to certificate authorities
- To: BMF <badmotherfsckr@xxxxxxxxx>, Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] [GOATSE SECURITY] Clench: Goatse's way to say "screw you" to certificate authorities
- From: Larry Seltzer <larry@xxxxxxxxxxxxxxxx>
- Date: Wed, 8 Sep 2010 16:08:20 -0400
It's true that conventional certs have been completely devalued by the
bottom-feeders. This is a good argument for EV. Goatse may dismiss EV as a
joke, but there are very few EV CAs and none of them are TELECOM MINISTRY
OF BUTTFUCKISTAN. The spec requires that they authenticate the operation
of the entity and include other fields about it that software can check.
EV's not a good solution for everything and it's expensive because there's
real work in doing what you have to do, but it would address a lot of the
problems discussed here.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/