[TriLUG] The sad state of sysadmin in the age of containers

Igor Partola via TriLUG trilug at trilug.org
Fri Mar 13 16:21:15 EDT 2015


Yes, once someone discovers such a thing, it becomes easy to target that
specific developer. I don't believe this has happened to Free or Open
Source code yet. It has happened multiple times to other code though:
Google was compelled to send data to the NSA via the PRISM program. Signing
the code they deliver to you is useless in that case: the code you don't
see is what's selling you out.

As far as the CA system goes, I have an idea that I like quite a bit: when
you buy a domain name, your registrar gives you a local CA keypair (or
rather you generate one and they sign it), giving you the ability to create
unlimited certificates for your domain only. Essentially, you and only you
may generate certificates for example.com or *.example.com if you own
example.com. The registrar then revokes any previously issued CA keypair
signatures they issued for example.com, if they have not expired on their
own.

The idea here is that your registrar already controls your domain much more
than the CA does: the registrar can simply point your NS servers somewhere
else and then you no longer own it. You are already trusting them, so why
also trust the CA?

This is not supported by x509 so it would require additions/extensions to
TLS, but I believe it eliminates the biggest problem with CAs, namely that
any CA may issue a valid cert for any domain. This way every domain owner
is their own CA and only they can issue certs for their domains. This also
leaves the registrars in the exact same place as they were before: you are
not trusting them any more than you had to before. This is good, as
trusting them less would have to involve inventing some type of distributed
registrar (a la NameCoin) and that is a *big* problem.

Igor
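The domain-scoped CA described in the post can be expressed with the X.509 Name Constraints extension (RFC 5280, section 4.2.1.10), which a relying party enforces on every certificate below the constrained CA. The script below is an added example, not code from the post or from TriLUG: it assumes the openssl CLI is installed and uses constructed names and throwaway keys to build registrar root -> owner CA -> leaf and show that the owner CA's signature only validates for names under example.com.

```shell
#!/bin/sh
# Added example (not from the post): a registrar-signed CA that may only issue
# certificates for one domain, via the X.509 nameConstraints extension.
# Assumes the openssl CLI (1.1.1 or 3.x); every name and key here is constructed.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# 1. The registrar's root key stands in for the signer the post describes.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=registrar-root" \
  -keyout "$WORK/root.key" -out "$WORK/root.crt" >/dev/null 2>&1

# 2. The domain owner generates their own CA keypair and hands over only a CSR.
openssl req -newkey rsa:2048 -nodes -subj "/CN=example.com owner CA" \
  -keyout "$WORK/owner.key" -out "$WORK/owner.csr" >/dev/null 2>&1

# 3. The registrar signs it, marking it a CA that is permitted to sign names
#    only under example.com (the constraint covers example.com and subdomains).
cat > "$WORK/owner.ext" <<EOF
basicConstraints=critical,CA:TRUE,pathlen:0
keyUsage=critical,keyCertSign,cRLSign
nameConstraints=critical,permitted;DNS:example.com
EOF
openssl x509 -req -in "$WORK/owner.csr" -CA "$WORK/root.crt" -CAkey "$WORK/root.key" \
  -CAcreateserial -days 30 -extfile "$WORK/owner.ext" -out "$WORK/owner.crt" >/dev/null 2>&1

# issue_leaf HOST: the owner CA signs a server certificate for HOST.
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" >/dev/null 2>&1
  printf 'subjectAltName=DNS:%s\n' "$1" > "$WORK/$1.ext"
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/owner.crt" -CAkey "$WORK/owner.key" \
    -CAcreateserial -days 30 -extfile "$WORK/$1.ext" -out "$WORK/$1.crt" >/dev/null 2>&1
}

# verify_leaf HOST: exit 0 if root -> owner CA -> HOST chains, non-zero otherwise.
# This relying-party check is what stops a constrained CA from vouching for
# someone else's domain, even though it can technically sign such a cert.
verify_leaf() {
  openssl verify -CAfile "$WORK/root.crt" -untrusted "$WORK/owner.crt" \
    "$WORK/$1.crt" >/dev/null 2>&1
}

issue_leaf www.example.com   # inside the permitted subtree
issue_leaf www.evil.test     # outside it: signed, but rejected on verification
for h in www.example.com www.evil.test; do
  if verify_leaf "$h"; then echo "$h: accepted"; else echo "$h: rejected"; fi
done
```

With `openssl verify` run without the redirects, the second leaf is refused with a "permitted subtree violation" error, which is the check a client would apply.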

