Web of Trust (a revolution)

m maximilianbianco at gmail.com
Tue Mar 31 16:27:54 UTC 2009


Bruno Wolff III wrote:
> On Tue, Mar 31, 2009 at 11:00:34 -0400,
>   m <maximilianbianco at gmail.com> wrote:
>> Difficult at best, who wants to trust a faceless corporation? Not to be  
>> cynical but you might trust the receptionist but what about the IT dept?  
>> Are they competent? Money is no guarantee of anything, in fact the  
>> larger the company the more likely they will let something slip through  
>> the cracks. Companies all say they are secure and trustworthy, but who  
>> is hiring these people? Are there background checks? Should there be?  
>> Probably they outsource that and then you have to see if you can trust  
>> that company too. The main problem is that so much gets outsourced so  
>> dept head A doesn't have to worry about it but who is checking that this  
>> other company is doing it right? It's an endless cycle of paranoia.
> 
> You are only trusting them to provide you with the key for their domain and
> possibly subdomains.

I was referring to the issue of trust in general.

> You aren't making them a CA for any and all domains.
>

Yes, I understand that, but you could apply the same to VeriSign, which 
others have pointed out gave out a Microsoft cert to someone who wasn't. 
So then what? They should at least be hiring less gullible people or 
have a better process for issuing certs. I am under no illusions that 
just because it's the only time I heard about it that it's the only time 
it happened.

I would point you to Firefox, for instance, which by some (not I) is 
reported to be a very insecure browser. There was an article, a while 
back, that pointed out that it had more software vulnerabilities than 
other browsers in, I think it was, 06 or 07. On the surface the article 
seemed legit, but proprietary browsers do not disclose all insecurities 
found, only the publicly reported ones, whereas Firefox, this is my 
understanding, please correct if wrong, reports all security issues 
including the ones found in internal audits. So yes, Firefox had more 
reported problems but only because they disclose all of them. So who can 
I trust? Just me, it seems, and the few friends that I have. Signed keys, 
as pointed out by others, are no guarantee that things were or are done 
properly. That, for me anyway, is what the issue of trust comes down to: 
consistency. It's based on that, that I decide whether I can trust them 
or just trust them to be themselves.




-- 
"Any fool can know. The point is to understand" --Albert Einstein

Bored??
http://fiction.wikia.com/wiki/Fuqwit1.0

http://fiction.wikia.com/wiki/Coding_the_Magic_into_the_Eight_Ball



