I can recreate my system from backup in
Seconds Minutes Hours Days Weeks Never tested Never backed up ( 469 votes ~ 6 comments )
You are not currently logged in. If you do not have a user account then please consider creating one and logging in before you post your comment. This will allow you to track replies to your comment, and take part in the site much more freely.
To add your comment, fill in all the boxes below and then preview it to make sure you're happy with the way that it looks.
This is the comment you were replying to, attached to the weblog Debian ca-certificates question
#6 Re: Debian ca-certificates question Posted by simonw (84.45.xx.xx) on Wed 7 Mar 2007 at 22:11 The article is very well written. Perhaps a little heavy for non-technical readers. But it taught me stuff I didn't know, and is very clear. Afraid, whilst I understand conceptually the various encryption schemes as much as I need to use them without being too inept, I'm not up on cryptographic details, and I still have to reread the various howto documents regularly when doing anything with SSL/TLS. I couldn't help thinking of Machiavelli; "It must be considered that there is nothing more difficult to carry out, nor more doubtful of success, nor more dangerous to handle, than to initiate a new order of things...." The problem with the CA-Cert is the financial model. Whilst it would be nice to have communities come together for this, few organizations are that concerned. Looking at my "trusted" CAs I note that the ABA is the only one that leaps out as a community model. You'd think perhaps that other authorities would have arisen out of communities with a serious need for security, and big money, even if it was only other groups of bankers and money men. It is tempting to throw away everything that came before. I must resist. It is also tempting to look at solving the other big "SSL" issue at the same time, which is the handing of a certificate with the connection (i.e. One certificate per "IP address + port" combination). But I don't think for financial transactions this is a big issue. Of course by putting a PGP signature along side a URI (protocol://server/ref + protocol://server/ref+sig) one can handle static content of all types within many existing protocols, and need only a small browser (or other software) plugin to validate the signatures. But I don't think that lends itself to dynamic content as well (I may be wrong on that). Much for me to think about.
Posting Format:
Inappropriate comments will be removed.
Some help on entry formatting is available
Username:
Password:
[ Advanced Login ]
Register Account
