Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
China Internet Network Information Center accepted as a Mozilla root CA
Posted Feb 2, 2010 23:54 UTC (Tue) by dkg (subscriber, #55359)
Focus on the bigger, systemic problem of crappy networked PKI, not on just one of the (likely) abusers.
Posted Feb 3, 2010 6:19 UTC (Wed) by redguardtoo (guest, #39215)
There must be something wrong in the basic work flow of the authority (or some committee?) who granted the CNNIC root CA.
From my point of view, it is so easy to validate CNNIC's credit. You just grab anyone who can read Chinese from the street. Let him/her google CNNIC to know how average Chinese people think about CNNIC. It won't take more than 5 minutes!
Posted Feb 3, 2010 9:09 UTC (Wed) by paulj (subscriber, #341)
E.g. I would think most Chinese people would have either:
a) No opinion, just as 99.99% of people in the West would have no opinion of
IANA, or Verisign, etc.
b) Approve, on learning it was a Chinese state entity to manage important
stuff related to the internet.
The one thing I know about China is that the people there are very patriotic
and extremely proud of their achievements and progress, regardless of CCP.
Just as people in the West are proud of whatever valued aspects of their
country, even if they don't approve of their leadership (e.g. the status of the
military in the USA relative to its presidents is a widely understood example).
I wonder though if perhaps you are chinese (and if so, are you mainland or
Posted Feb 3, 2010 11:18 UTC (Wed) by redguardtoo (guest, #39215)
My point is if the CNNIC root CA could be easily accepted, maybe the general approval procedure has some flaw. I am expecting some security experts to explain to me on the detail of such procedure.
You analogy of most people in west not knowing IANA or Verisign is inappropriate because you don't get the fact that CNNIC is hated by many Chinese, at least most IT guys, for some good reasons.
Posted Feb 3, 2010 12:42 UTC (Wed) by paulj (subscriber, #341)
I know some chinese people quite well, but I don't know any who'd have any clue
who CNNIC were, never mind why they might be unpopular with Chinese IT
people. :) Western IT people don't quite know why either. (i.e. I think you missed
the point of the analogy somewhat, but never mind..).
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds