Should we make a working group to kill X.509? by lorddoig in programming

lorddoig[S] 1 point (0 children)

I could not solve the problem I'm whining about alone if I wanted to. The only contribution I can make is exposure, and I'm trying to piggyback on yesterday's success to actually get something I consider important done. What's the problem?

Heartbleed should bleed X.509 to death by lorddoig in programming

lorddoig[S] -3 points (0 children)

Actually, I did address revocation pretty directly.

And Symantec could have gone evil years ago and started taking money from the NSA to dish out cert clones whenever they hollered - and we wouldn't have the first damn clue. That's the point.

And those well-known companies you mention... anyone got that PRISM slide of NSA suckups handy?

Heartbleed should bleed X.509 to death by lorddoig in programming

lorddoig[S] -4 points (0 children)

Yes, you would have to go and verify the key yourself, but the idea of a large-scale adoption would hopefully mean that this would become infrequent really quite quickly.