Re: Web of Trust (a revolution)

Bruno Wolff III wrote:
On Tue, Mar 31, 2009 at 11:00:34 -0400,
  m <maximilianbianco gmail com> wrote:
Difficult at best, who wants to trust a faceless corporation? Not to be cynical but you might trust the receptionist but what about the IT dept? Are they competent? Money is no guarantee of anything, in fact the larger the company the more likely they will let something slip through the cracks. Companies all say they are secure and trustworthy, but who is hiring these people? Are there background checks? Should there be? Probably they outsource that and then you have to see if you can trust that company too. The main problem is that so much gets outsourced so dept head A doesn't have to worry about it but who is checking that this other company is doing it right? It's an endless cycle of paranoia.

You are only trusting them to provide you with the key for their domain and
possibly subdomains.

I was referring to the issue of trust in general.

You aren't making them a CA for any and all domains.

Yes, I understand that, but you could apply the same to VeriSign, which others have pointed out gave out a Microsoft cert to someone who wasn't. So then what? They should at least be hiring less gullible people or have a better process for issuing certs. I am under no illusions that just because it's the only time I heard about it that it's the only time it happened.

I would point you to Firefox for instance, which by some (not I) is reported to be a very insecure browser. There was an article, a while back, that pointed out that it had more software vulnerabilities than other browsers in, I think it was, 06 or 07. On the surface the article seemed legit but proprietary browsers do not disclose all insecurities found, only the publicly reported ones, whereas Firefox, this is my understanding, please correct if wrong, reports all security issues including the ones found in internal audits. So yes, Firefox had more reported problems but only because they disclose all of them. So who can I trust? Just me it seems and the few friends that I have. Signed keys, as pointed out by others, are no guarantee that things were or are done properly. That for me anyway is what the issue of trust comes down to, consistency. It's based on that, that I decide whether I can trust them or just trust them to be themselves.

