|
|
tags:
all,
apache,
apachecon,
apacheweek,
bryce,
cve,
fedora,
fudcon,
geocaching,
gps,
ha,
jabber,
metrics,
microsoft,
nashville,
north carolina,
oscon,
red hat summit,
security,
trips
|
|
|
mark :: blog
Off to San Diego tommorrow for TPC/OSCON. I've not flown
with British Airways since 1995 when after two flights with
dismal customer service I vowed never to fly with them
again. However, London to San Diego was cheapest with BA
and I didn't fancy paying the price difference. Also they
might be better now, they've got the seat back TV screens.
I now know two BA pilots too, but neither is flying the
outward or return flights :(
Well I can't leave until I pack, and I can't pack until
I've finished work, and that means writing Apache Week.
People have been asking about the OpenSSL exploit, so I
need to write that up, together with a company that is
giving out free server certificates.
My entire trust model for SSL is based on that fact that
anyone who can issue a server certificate "does the right
thing". That means they check who I am and that I have the
right to use the name I've asked them to certify.
Otherwise someone else could register my name, or something
similar to it, and theres no point having SSL do
authentication anymore. How can a company giving out free
certificates afford to do any checking? But then I've
heard of Verisign and Thawte making serious mistakes
issuing certificates, so I probably had a false sense of
security anyway.
Created: 19 Jul 2001
Tagged as: apacheweek, oscon, trips
0 comments
(new comments disabled)
|
|
