[PLUG] wifi security

Tim tim-pdxlug at sentinelchicken.org
Thu Feb 26 00:03:36 UTC 2009


> The issue there is the rent-seeking CAs.  If the CA-signed certs
> weren't so freaking expensive, more low-grade uses would have their
> sheets all starched.

Yeah, it's true. That comment was sort of tongue in cheek since I know
that under the current CA regime it would be impossible for the little
guy to put certificates on everything.

There are some major issues with SSL's all-or-nothing PKI.  If there are
problems with any one certificate in your browser's CA list, all
websites are now vulnerable.

CA certificate distribution is almost completely driven by browsers and
the money they may or may not charge to get a CA added to the list.   If
we had a better way to compartmentalize trust, such as is used in PGP's
web of trust, then it wouldn't be as scary for users to add different
networks' CA certificates to their browsers.

I think there have been some attempts to do this before, but none have
caught on well.  I place much of the blame on browsers, all of them, for
not providing a more flexible authentication hierarchy.

cheers,
tim
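
The all-or-nothing point in the message above, as an added example that is not part of the original post: a small policy model comparing which hosts one bad CA can vouch for under a flat CA list versus a store that scopes each CA to DNS suffixes. The CA names, hostnames and store format are constructed for illustration, and the model covers only the trust decision, not certificate parsing or signature checks.

```python
# Constructed model: a trust store maps a CA name to the DNS suffixes it may
# vouch for. The suffix "" means "any name", which is how a flat browser CA
# list behaves. All CA names and hostnames below are made up.

def in_scope(host, suffix):
    """True if host equals suffix or is a subdomain of it."""
    host = host.lower().rstrip(".")
    suffix = suffix.lower().rstrip(".")
    if suffix == "":
        return True
    # Match on a label boundary so "notlug.example.net" does not
    # slip into the scope "lug.example.net".
    return host == suffix or host.endswith("." + suffix)

def accepts(store, issuer, host):
    """Would a client using this store accept a cert for host from issuer?"""
    return any(in_scope(host, s) for s in store.get(issuer, ()))

def blast_radius(store, bad_ca, hosts):
    """Hosts that a certificate chained to bad_ca would be accepted for."""
    return sorted(h for h in hosts if accepts(store, bad_ca, h))

HOSTS = ["bank.example", "mail.example.org",
         "wiki.lug.example.net", "notlug.example.net"]

# Flat model: every CA in the list is trusted for every name.
FLAT = {"BigCommercialCA": [""],
        "CoffeeShopWifiCA": [""],
        "LugCA": [""]}

# Compartmentalized model: locally added CAs are limited to their own network.
SCOPED = {"BigCommercialCA": [""],
          "CoffeeShopWifiCA": ["portal.coffeeshop.example"],
          "LugCA": ["lug.example.net"]}

if __name__ == "__main__":
    for label, store in (("flat", FLAT), ("scoped", SCOPED)):
        for ca in store:
            print(f"{label:6} {ca:17} -> {blast_radius(store, ca, HOSTS)}")
```

In the scoped store a problem with a locally added CA stays inside that network's names, while an unscoped CA still covers every host.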


