Re: SSL/TLS everywhere fail

--------
In message <20151206125030.GA28069@1wt.eu>, Willy Tarreau writes:

>> >Warning Amos, TLS does offer this when it's used reasonably.
>> 
>> There is no way to use it "reasonably" in practice.
>
>But it's not TLS's fault but the whole model of trust. 

No, it is the fault of the people who agitate for "TLS everywhere"
ignoring that the model of trust is utterly untrustworthy.

>When you have only CAs of parties you decide to trust, the whole chain
>can be trusted.

Correct.  And all current browsers make that as hard as possible
to do in practice.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Sunday, 6 December 2015 12:57:50 UTC