Ah Python, you have spoiled me for all other languages
Michael Torrie
torriem at gmail.com
Sat May 23 23:00:56 EDT 2015
On 05/23/2015 06:44 AM, Marko Rauhamaa wrote:
> Johannes Bauer <dfnsonfsduifb at gmx.de>:
>
>> I dislike CAs as much as the next guy. But the problem of distributing
>> trust is just not easy to solve, a TTP is a way out. Do you have an
>> alternative that does not at the same time to providing a solution
>> also opens up obvious attack surface?
>
> Here's an idea: an authentication is considered valid if it is vouched
> for by the United States, China, Russia *and* the European Union. Those
> governments are the only entities that would have the right to delegate
> their respective certification powers to private entities. The
> governments would also offer to certify anybody in the world free of
> charge.
Why trust governments? Why not use peer-to-peer trust. If I trust you
and you trust site X with a fingerprint of Y, then I should trust it
also. Sadly though getting the unwashed masses educated enough to make
this work is impossible (like how PGP is pretty much dead). Maybe it's
a harder problem than anyone can solve.
More information about the Python-list
mailing list