Tuesday, August 17, 2010

Who will watch the watchers

There is a story about a root CA (certificate authority) that raises an important question: can we trust the "web of trust"? The answer is no.
Just check the CA list in your browser: can you be sure that none of them can abuse their power and issue a legitimate certificate to a phishing bank site, for example? Can you trust the Chinese government? Your browser does! (CNNIC)
The same goes for the DNS system. By default we have to trust the root servers and the root CAs, so there is not much we can do, and there is no alternative to the current infrastructure.
Some tips:
1) Delete the CAs you don't trust from your browser and OS CA lists (but remember that this can break some software, so be sure what you are deleting).
2) Use a local hosts file or your own DNS server and manually add IP->name pairs for critical services, or use only IP addresses if you can.
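
Before deleting anything under the first tip, it helps to list what is trusted and who operates it. The script below is an added example, not part of the original post: it reviews trust anchors in the form Python's ssl module reports them. The sample entries, the distrust list and the function names are constructed for illustration.

```python
import ssl
import time
from collections import Counter

# Constructed sample entries, in the dict shape SSLContext.get_ca_certs() returns.
SAMPLE_ANCHORS = [
    {"subject": ((("countryName", "CN"),), (("organizationName", "CNNIC"),),
                 (("commonName", "CNNIC ROOT"),)),
     "notAfter": "Jan  1 00:00:00 2030 GMT"},
    {"subject": ((("countryName", "US"),), (("organizationName", "Example Trust Co"),),
                 (("commonName", "Example Root CA 1"),)),
     "notAfter": "Jan  1 00:00:00 2035 GMT"},
    {"subject": ((("commonName", "Example Legacy Root"),),),
     "notAfter": "Jan  1 00:00:00 2009 GMT"},
]

def name_fields(cert):
    """Flatten the nested RDN tuples of a certificate subject into a dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}

def audit(anchors, distrusted_orgs, now):
    """Return (label, reason) pairs for every anchor that needs a closer look."""
    distrusted = {org.lower() for org in distrusted_orgs}
    findings = []
    for cert in anchors:
        f = name_fields(cert)
        label = f.get("commonName") or f.get("organizationName") or "<unnamed>"
        if f.get("organizationName", "").lower() in distrusted:
            findings.append((label, "operator on local distrust list"))
        if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
            findings.append((label, "expired"))
    return findings

def by_country(anchors):
    """Count trust anchors per subject country ('??' when none is given)."""
    return Counter(name_fields(c).get("countryName", "??") for c in anchors)

def system_anchors():
    # Reads the store Python/OpenSSL uses, which may differ from a browser's
    # own store. Certificates in a capath directory are only listed once they
    # have been used, so an empty result does not mean an empty store.
    return ssl.create_default_context().get_ca_certs()

if __name__ == "__main__":
    anchors = system_anchors() or SAMPLE_ANCHORS
    print(dict(by_country(anchors)))
    for label, reason in audit(anchors, ["CNNIC"], time.time()):
        print(f"{label}: {reason}")
```

The output is a review list only; removal still happens in the browser's or OS's certificate manager, where the software-breakage caveat from the first tip applies.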
