[liberationtech] Another CA Compromise: TurkTrust
Amin Sabeti
aminsabeti at gmail.com
Thu Jan 3 17:45:36 PST 2013
One point: Most of the Iranian banks have bought SSL certification from TurkTrust.
On 4 Jan 2013, at 01:41, Collin Anderson <collin at averysmallbird.com> wrote:
> On Thu, Jan 3, 2013 at 5:26 PM, Ruben Bloemgarten <ruben at abubble.nl> wrote:
>> "you don't know who I am, but only we know what we're telling each other."
>
> So essentially you and Nadim are arguing that, since CAs fail some of the time, we should get rid of the whole system and end up in the same position -- where there is no trust in validating that the person talking to you is actually who they say they are?
>
> Does anyone believe that users will actually understand the difference?
>
>
> On Thu, Jan 3, 2013 at 5:26 PM, Ruben Bloemgarten <ruben at abubble.nl> wrote:
>> Nadim,
>>
>> I think it's about time to have CAs be peer accredited institutes
>> (EFF/tor/access now/my brother's sister's cousin/ whoever) issuing free
>> or at least at cost certs. That being said, I don't think certs are very
>> good at preventing mitm anyway, that might be the case if a majority of
>> users would have the wherewithal for a more realistic reaction than "ooh
>> red/green is bad/good", and even then. Love ssl, don't really care about
>> certs. So yes, let's dump "trust me, I've been certified" in favor of
>> "you don't know who I am, but only we know what we're telling each other."
>>
>> - Ruben
>>
>> On 01/04/2013 02:09 AM, Nadim Kobeissi wrote:
>> > Another CA has been found issuing SSL certificates for Google services.
>> > Mozilla has acted on the
>> > issue: https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
>> >
>> > The weird thing is that it's starting to appear less and less crazy to
>> > just get rid of the CA system and replace it with… nothing. What do you
>> > guys think?
>> >
>> > NK
>> >
>> >
>> > --
>> > Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
>> >
>>
>
>
>
> --
> Collin David Anderson
> averysmallbird.com | @cda | Washington, D.C.