[TriLUG] The sad state of sysadmin in the age of containers

Matt Flyer via TriLUG trilug at trilug.org
Fri Mar 13 16:34:17 EDT 2015


What this would do is place the trust in the hands of the user.  Unfortunately too many would still trust Google or would still use them even if they don't.  

Such a system would also take away a lot of money from the CA companies as it would eliminate things like green bar validation that costs beaucoup bucks.

Sent from my iPad

> On Mar 13, 2015, at 4:21 PM, Igor Partola via TriLUG <trilug at trilug.org> wrote:
> 
> The idea here is that your registrar already controls your domain much more
> than the CA does: the registrar can simply point your NS servers somewhere
> else and then you no longer own it. You are already trusting them, so why
> also trust the CA?
> 
> This is not supported by x509 so it would require additions/extensions to
> TLS, but I believe it eliminates the biggest problem with CAs, namely that
> any CA may issue a valid cert for any domain. This way every domain owner
> is their own CA and only they can issue certs for their domains. This also
> leaves the registrars in the exact same place as they were before: you are
> not trusting them any more than you had to before. This is good, as
> trusting them less would have to involve inventing some type of distributed
> registrar (a la NameCoin) and that is a *big* problem.
> 

