[TriLUG] The sad state of sysadmin in the age of containers

Kristopher Kane via TriLUG trilug at trilug.org
Fri Mar 13 17:11:14 EDT 2015


I work with Hadoop and the larger Hadoop ecosystem every day. I don't
compile the ecosystem from source just like I don't compile CentOS from
source.  Why would I?

This article seems like a buildup of frustration that resulted in being
angry at everything and doesn't really have anything to do with security.

Kris

On Fri, Mar 13, 2015 at 4:47 PM, Igor Partola via TriLUG <trilug at trilug.org>
wrote:

> > What this would do is place the trust in the hands of the user.
> > Unfortunately too many would still trust Google or would still use them
> > even if they don't.
>
> I don't believe it would. Currently, as a user of example.com, I have to
> trust:
>
> - The registrar of example.com to provide the correct NS records
> - All the CA's that nobody provided a rogue cert for example.com
> - The site maintainer to create and install a cert signed by a trusted CA
> on their web server
>
> In my proposed plan, as a user I'd have to trust:
>
> - The registrar of example.com to provide the correct NS records and to
> provide one and only one local CA to the site maintainer
> - The site maintainer to create and install a cert using their own local CA
>
> Note that I never have to talk to Google or anyone outside the normal chain
> here. This plan strictly eliminates CA's without making you trust any
> additional parties any more than you already do.
>
> All this does is make the registrar do more work in issuing and revoking
> local CA's, and on the site maintainer to keep their local CA secret.
>
> > Such a system would also take away a lot of money from the CA companies
> > as it would eliminate things like green bar validation that costs beaucoup
> > bucks.
>
> Absolutely correct, and this is why something like this is not happening
> right now. My biggest hope is that the Let's Encrypt initiative drives the
> CA profits to $0, so that most of them go out of business and lose their
> grip on the Internet. Then we can rebuild using something better than what
> we had before.
>
> Igor