W3C home > Mailing lists > Public > public-wsc-wg@w3.org > July 2007

Re: ACTION-272: self-signed certificates

From: Serge Egelman <egelman@cs.cmu.edu>
Date: Tue, 31 Jul 2007 18:05:19 -0400
Message-ID: <46AFB21F.4070006@cs.cmu.edu>
To: Johnathan Nightingale <johnath@mozilla.com>
CC: public-wsc-wg@w3.org

That's not what I said.  You previously said that if there's no
accountability, you'd pull the root.

So, Stephen's argument is that there's accountability because everything
on the Internet is traceable, and anyone committing a crime such as
stealing a PayPal or credit card will be caught and the CA will be
notified within 24 hours of issuance.  However this is demonstrably false.


Johnathan Nightingale wrote:
> On 30-Jul-07, at 6:46 PM, Serge Egelman wrote:
>> We went over this.  The $20 GoDaddy example I cited before.  I
>> registered a domain and purchased a certificate using PayPal, and it's
>> all under Stephen's name.  Nothing is linked back to me, there is zero
>> accountability (BTW: Johnathan said that he'd pull the root if this
>> were the case, though I doubt that's happened).
> Are you saying that GoDaddy issued you a cert for a domain you don't
> control?  If so, absolutely you should let us know, it's a violation of
> their audit regime and would be a very good reason to pull their cert.
> Or are you saying that they issued a DV cert for a domain you do in fact
> control, but that they didn't audit the other information, which they
> never claimed to do anyhow?  In which case I admit that I fail to see
> the relevance, but I certainly wouldn't pull their root for it, since we
> never expected them to vet that.  If we did, if we had ever really
> demanded that, we wouldn't have needed EV.
> Cheers,
> J
> ---
> Johnathan Nightingale
> Human Shield
> johnath@mozilla.com

Serge Egelman

PhD Candidate
Vice President for External Affairs, Graduate Student Assembly
Carnegie Mellon University

Legislative Concerns Chair
National Association of Graduate-Professional Students
Received on Tuesday, 31 July 2007 22:05:46 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:14:17 UTC