On 14.04.2016 at 00:54, Sebastian wrote:
The browser developers have just decided that the trust relationship architecture of the virtual world will be driven by the copyright dinosaurs from now on, by pulling off platform support from under those who were experimenting with building meaningful trust models with the admittedly few tools we already had. [...] The sociological and political fabric of society fundamentally depends on our communication abilities. The future of our communication abilities in turn depends on the communication platforms and the trust relation models they support.

That's true. But the keygen element is flawed by the known-broken CA system(*) and you can't build a secure house on a broken foundation. You could check whether the certificate for your site is issued by your CA, but if they can issue certificates they could simply attack your browser's updater. Our only hope for truly secure communication are tools like PGP combined with anonymity through, for example, TOR or freenet (not the ISP)
How do you come to the conclusion that you need any 3rd party CA for a client certificate which you accept on your server?
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/