Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Why the dislike of X.509?



So you hate OpenVPN, which uses the user's own private self-generated SSL
certificate authority and does *not* require the centralized certificate
authorities, because SSL in web browsers requires the centralized
certificate authorities?


On Mon, Aug 25, 2014 at 10:38 AM, Richard Pieri <richard.pieri at gmail.com>
wrote:

> On 8/25/2014 7:11 AM, Nuno Sucena Almeida wrote:
> > Why the dislike of X.509 ?
>
> The dependence on centralized certificate authorities. X.509 is not
> verifiably trustworthy and is anything but private. X.509 is, in fact,
> compromised by design. It was designed specifically to grant
> administrators of X.509 domains access to everything within their domains.
>
> The only reason it's so widespread today is because Netscape couldn't
> get an export license under ITAR without a key escrow mechanism that
> could be subverted by the US government. That's the foundation of
> Netscape's early SSL which Microsoft duplicated. And now we're saddled
> with a global scale security infrastructure that was compromised at the
> roots from Day 1.
>
> That's why I hate X.509.
>
> --
> Rich P.
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>



-- 
John Abreau / Executive Director, Boston Linux & Unix
Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org