[tor-bugs] #3929 [Tor Browser]: Remove CNNIC
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Sep 5 09:49:06 UTC 2011
#3929: Remove CNNIC
-------------------------+--------------------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: new
Priority: major | Milestone: TorBrowserBundle 2.2.x-stable
Component: Tor Browser | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by ioerror):
I'd like to see TBB get to CA zero - something sorta like INBOX zero.
Here are two blog posts worth considering:
http://netsekure.org/2010/05/results-after-30-days-of-almost-no-trusted-
cas/
https://blog.torproject.org/blog/life-without-ca
I think we should have a reductionist policy - what CAs do we absolutely
need today? What CAs can we entirely remove? What methods exist for a non-
CA model? What will complement and allow the CA model to confirm other
data that we trust?
I think DANE delivered ala verified DNSSEC with a matching CA signature
would be much better than any signature from any valid CA. Similarly, I
think CAA will do a lot of good in this regard.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3929#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list