
Comment If these senators really wanted to help... (Score 5, Insightful) 108

That's so nice of you to want to protect us from spam. But you know what's even more annoying and threatening and expensive than spam?

..found its way into the budget bill.

Worse than spam, is stuff that "finds its way" into our laws without ever being attributed. The guilty parties are never punished or even informally shamed or identified so that anyone can ever vote approval or disapproval for that person in the next election.

Put an end to unattributed "malgislation" (eww, let's keep working on finding the right word) and then you'll really be heroes. I want every item in every bill to have a person's name on it. Let them continue to be as evil and un-American as they want with their laws, but let's stop allowing them to be irresponsibly anonymous when they do it.

Comment Re:Why did they need the certificates? (Score 1) 95

Issuing for .test and .local are strictly prohibited by the CABForum EV requirements. They will soon be outlawed for DV under the basic requirements.

What seems to have happened is that instead of issuing all test certs for test.verisign.com as the procedure manual required, they had to modify the procedure when Symantec took over and they no longer had verisign.com.

So instead of doing what they should have done and using test.symantec.com or a test domain bought for the purpose, they typed the first name that entered their head.

Comment Re:Self Signed (Score 1) 95

Actually it doesn't. DANE certificates are not self-signed for a start, they are signed by the DNSSEC key for the zone.

The problem with DANE is that you swap the choice of multiple CAs for a monopoly run by ICANN, a shadowy corporation that charges a quarter million bucks for a TLD because that is what the market will bear. What do you think the price of DANE certification will rise to if it takes off?

ICANN is the Internet version of the NFL only with greater opportunities for peculation and enrichment.

Comment Re:Why did they need the certificates? (Score 1) 95

Damn right they should. The CPS has a long section on the use of test hardware.

The problem is that all the original team that built VeriSign have been gone for years. A lot of us left before the sale of the PKI business to Symantec. The PKI/DNS merger was not a happy or successful partnership. The original point of the merger was to deploy DNSSEC. That effort was then sabotaged by folk in IETF and ICANN which has delayed the project by at least 10 and possibly 20 years. ATLAS was originally designed to support DNSSEC.

Unfortunately, in PKI terms what VeriSign was to IBM, Symantec is to Lenovo.

They apparently remember the ceremonies we designed but not the purpose. So they are going through the motions but not the substance.

One of the main criticisms I have heard is that we built the system too well. From 1995 up to 2010 it worked almost without any issues. So people decided that they didn't need things like proper revocation infrastructure. The only recent issue the 1995 design could not have coped with was DigiNotar which was a complete CA breach.

There are some developments on the horizon in the PKI world that will help add controls to mitigate some of the issues arising since. But those depend on cryptographic techniques that won't be practical for mass adoption till we get our next generation ECC crypto fully specified.

Comment Re:What is a pre-certificate? (Score 3, Informative) 95

A pre-certificate is created for use in the Certificate Transparency system. Introducing pre-certificates allows the CT log proof to be included in the certificate presented to an SSL/TLS server.

The CT system generates a proof that a pre-certificate has been enrolled in it. The proof is then added to the pre-certificate as an extension and the whole thing signed with the production key to make the actual certificate.

If the CT system logged the actual certificate, the proof of enrollment would only be available after the certificate had been created.
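
The ordering described in the comment above, as an added example that is not part of the original comment: a simplified Python model of the pre-certificate flow, including how a client re-derives the logged data from the final certificate. The dictionary certificate format, the key names and the use of HMAC in place of the log's and CA's public-key signatures are assumptions made to keep it standard-library only.

```python
import hashlib
import hmac
import json

# Constructed keys. HMAC stands in for the public-key signatures that a real
# CT log and CA would use (assumption made to keep the example stdlib-only).
LOG_KEY = b"constructed-log-key"
CA_KEY = b"constructed-ca-key"
POISON = "ct_poison"      # marks a pre-certificate as unusable for TLS
SCT_LIST = "sct_list"     # carries the embedded log proof(s)
# Constructed sample certificate request.
SAMPLE_TBS = {"subject": "www.example.com", "serial": 4096, "extensions": {"san": ["www.example.com"]}}


def _sign(key, obj):
    data = json.dumps(obj, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def _logged_form(tbs):
    """What the log signs: the TBS data without poison or SCT extensions."""
    exts = {k: v for k, v in tbs["extensions"].items() if k not in (POISON, SCT_LIST)}
    return {**tbs, "extensions": exts}


def log_add_precert(precert_tbs, timestamp):
    """Log side: accept only poisoned pre-certificates, return a signed proof."""
    if POISON not in precert_tbs["extensions"]:
        raise ValueError("not a pre-certificate")
    entry = {"timestamp": timestamp, "tbs": _logged_form(precert_tbs)}
    return {"timestamp": timestamp, "signature": _sign(LOG_KEY, entry)}


def ca_issue(tbs, timestamp):
    """CA side: build the pre-certificate, log it, embed the proof, sign."""
    precert = {**tbs, "extensions": {**tbs["extensions"], POISON: True}}
    sct = log_add_precert(precert, timestamp)
    final_tbs = {**tbs, "extensions": {**tbs["extensions"], SCT_LIST: [sct]}}
    return {"tbs": final_tbs, "signature": _sign(CA_KEY, final_tbs)}


def client_check_scts(cert):
    """Client side: rebuild the logged form and verify every embedded proof."""
    scts = cert["tbs"]["extensions"].get(SCT_LIST, [])
    logged = _logged_form(cert["tbs"])
    return bool(scts) and all(
        hmac.compare_digest(
            s["signature"], _sign(LOG_KEY, {"timestamp": s["timestamp"], "tbs": logged}))
        for s in scts)
```

Because the log signs the data with the poison and proof extensions stripped, the same proof verifies against the final certificate even though that certificate did not exist when the proof was made.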

Comment Re:Physical store advantage? (Score 2) 203

Why would I buy something online and then drive to pick it up?

The only thing I can think of, would be: If I'm driving over there anyway, for my non-online purchases (groceries).

I have a few grocery stores that I visit fairly often, including one that I visit nearly every week. (None of them happen to be Wal-Mart but for the sake of the argument, let's pretend one of them is.) I'm never going to buy beer or porkchops or bread online from Amazon, but if I were at my grocer's checkout, and after I ran my "discount" tracking-cookie consumer-analytics card, the checker were to say, "Oh, Mr. Sloppy, your online-shopping crap has arrived," and then it somehow got dumped into my cart, I guess that'd be pretty cool.

That just means my grocer is somehow the bulk shipping destination (a truck with a lot of people's orders pulls up to it, instead of driving all over the neighborhood), and then they have to store it until I show up for my weekly visit, and ..

..you know, this actually sounds like a lot of expense and trouble for them. I'm skeptical that it'd be cheaper. But if somehow it were cheaper than having a guy drive all over town delivering packages, ok, I'm game. (But you're right, I think. This ain't happening.)

Comment Who _else?_ (Score 3, Interesting) 107

This would be a lot more exciting when some other manufacturers do the same thing in a compatible form factor. Then you'd get a handheld the same way you get a desktop: go buy just the right parts for your situation.

"A Fairphone screen, a Foomeister I motherboard, a used Sorny RadioNIC that I found on eBay, a Brand X battery and oops I guess I didn't even bother with a camera on this one. Oh well, I didn't need one here. Wait, I just remembered I have a 5 year old one sitting in a drawer, let's just throw that in." Later: "Shit, it got obsolete: time for a Foomeister II+ board, which has enough RAM to run the newest release of Netbuntroid."

But the only way we'll get there, is if this sells well enough that other manufacturers see a market for the form factor. It's hard to be optimistic about that.
