by 8organicbits
566 days ago
Web of trust is way more ambitious than what I'm talking about. Key distribution for the Apple, Microsoft, Google, and Mozilla trust stores is already a solved problem and works well at scale already. However, if you don't trust the inclusive nature of Microsoft's trust store and prefer Chrome's, there should be a tool to swap out trust stores. I don't think such a tool exists yet.

- Accept any certs trusted by Bruce Schneier unless they are not trusted by tptacec
- Do not accept new certs for top 1000 domain names unless they are over 7 days old and trusted by the Mozilla Foundation
Various experts could create the rules they use to decide which certs or CAs they trust and users could decide which high profile authority figures or institutions they want to trust. One example might even be "Bruce Schneier paranoid version"
I think this doesn't exist because of the following:
1) technically it is possible to do it today with the existing tools, even though nobody does it
2) the negative impact of trusting certs one shouldn't is low for the average user
3) sophisticated users already take precautions and are rarely fooled
I think for something like this to work it would have to be extremely simple. Surely there would be the same phenomenon as "Dr. Oz" in the realm of cyber security. Maybe the "Kevin Rose settings" would be popular, etc. But that would still open the door to distributed trust which is an improvement over blanket trust of large corporate entities.
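
The two rules from the comment above, written as a small policy evaluator. This is an added example, not part of the thread or of any existing tool. The issuer names, the per-authority trust sets, the one-entry top-domain list and the way the rules combine (deny rule first, default deny) are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Cert:
    domain: str
    issuer: str           # CA name (constructed)
    first_seen: datetime  # when the cert was first observed, e.g. in a CT log

# Constructed data: the issuers each named authority is assumed to trust.
AUTHORITY_TRUST = {
    "schneier": {"CA-A", "CA-B", "CA-C"},
    "tptacec": {"CA-A", "CA-C"},
    "mozilla": {"CA-A", "CA-B"},
}
TOP_DOMAINS = {"example.com"}  # stand-in for a top-1000 domain list
MIN_AGE = timedelta(days=7)

def trusted_by(authority: str, cert: Cert) -> bool:
    return cert.issuer in AUTHORITY_TRUST[authority]

def evaluate(cert: Cert, now: datetime) -> tuple[bool, str]:
    """Return (accepted, reason). The deny rule runs before the accept rule."""
    # Rule 2: a top domain needs a cert over 7 days old AND Mozilla trust.
    if cert.domain in TOP_DOMAINS:
        if now - cert.first_seen <= MIN_AGE:
            return False, "top domain: cert is not over 7 days old"
        if not trusted_by("mozilla", cert):
            return False, "top domain: issuer not trusted by mozilla"
    # Rule 1: accept what schneier trusts unless tptacec does not trust it.
    if trusted_by("schneier", cert) and trusted_by("tptacec", cert):
        return True, "trusted by schneier and not distrusted by tptacec"
    return False, "no accept rule matched"

if __name__ == "__main__":
    now = datetime(2024, 1, 15, tzinfo=timezone.utc)  # fixed clock for the demo
    for c in (Cert("blog.example.org", "CA-B", now - timedelta(days=1)),
              Cert("example.com", "CA-A", now - timedelta(days=2)),
              Cert("example.com", "CA-A", now - timedelta(days=8))):
        print(c.domain, c.issuer, evaluate(c, now))
```
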