[Remops] Oops! Small problem!

Jeremy Bentham Admin jeremyadmin at anemone.mooo.com
Wed Nov 5 21:20:25 GMT 2014


>I think installing
>invalid certs on users' computers is a very, very bad idea. I'm glad
>we're on the same page here.
>
>Unfortunately, the user cannot decide to accept the certs since they get
>no chance to do that. But we have what we have. The problem is not
>Windows and not Mixmaster. The problem is invalid certificates and if
>anything is fixed, it should be that.

I just want to point out that a self-signed certificate is not invalid
per se. It is just not signed by a recognized X.509 certificate authority.
In my case (and probably others), I've posted the certificate (signed
by my admin key) on my web page. Users can download the certificate
from the web page, confirm its validity with the signature, and add it to
their certificate store.

There are lots of arguments about the security of the CA system that
is now in place to verify X.509 certificates. I won't repeat them here.
I just want to emphasize that what I've described above is a very secure
way to validate an X.509 certificate. It does require a bit of work
on the part of the user.

In my case, usage of a self-signed certificate stems from my feeling
that an anonymity system should not have to depend on registration
with a central authority for operation, and not on an inability to
obtain a certificate from a CA (for whatever reason).

-- 
Jeremy Bentham Remailer Admin
Key fingerprint = D7DE B0DF E6F9 9256 A070  B841 1942 840B 8743 B6B5
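
The check described in this message (verify the admin's signature over the downloaded certificate before adding it to the certificate store) can be scripted as below. This is an added example, not part of the original post or the author's own procedure; the file names, the hostname and the throwaway key that `make_demo` generates are constructed, and it assumes GnuPG 2.1 or later and OpenSSL are installed.

```shell
#!/bin/sh
# Added example. Hostname, user ID and file names below are constructed.

# verify_cert SIG CERT ADMIN_FPR
# Succeeds only if SIG is a good detached OpenPGP signature over CERT made
# by the key whose primary fingerprint is ADMIN_FPR. A bare "gpg --verify"
# accepts a signature from ANY key in the keyring, so the fingerprint in
# the VALIDSIG status line is compared explicitly.
verify_cert() {
    sig=$1; cert=$2
    want=$(printf '%s' "$3" | tr -d ' ' | tr 'a-f' 'A-F')
    status=$(gpg --batch --status-fd 1 --verify "$sig" "$cert" 2>/dev/null) \
        || return 1
    # Last VALIDSIG field is the primary key fingerprint of the signer.
    got=$(printf '%s\n' "$status" | awk '$2 == "VALIDSIG" { print $NF }')
    [ -n "$got" ] && [ "$got" = "$want" ] || return 1
    # Print the certificate fingerprint for the record before importing it.
    openssl x509 -in "$cert" -noout -fingerprint -sha256
}

# make_demo: build a throwaway keyring, self-signed cert and signature so
# the check can be exercised offline. Sets DEMO_DIR and ADMIN_FPR.
make_demo() {
    DEMO_DIR=$(mktemp -d) || return 1
    GNUPGHOME=$DEMO_DIR/gnupg; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME" || return 1
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Admin <admin@example.invalid>' \
        default default never 2>/dev/null || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj '/CN=remailer.example.invalid' \
        -keyout "$DEMO_DIR/key.pem" -out "$DEMO_DIR/cert.pem" \
        2>/dev/null || return 1
    gpg --batch --quiet --armor --detach-sign \
        --output "$DEMO_DIR/cert.pem.asc" "$DEMO_DIR/cert.pem" || return 1
    ADMIN_FPR=$(gpg --batch --with-colons --list-keys 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$ADMIN_FPR" ]
}

# end_demo: stop the throwaway agent and remove the scratch directory.
end_demo() {
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$DEMO_DIR"
}
```

In real use, only `verify_cert` is needed: import the admin's public key, obtain its fingerprint through a separate channel, and pass that fingerprint as the third argument.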