
Comments

Richard Veryard

Thanks for the link, but I can't access the Financial Cryptography site.

"financialcryptography.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown."

Iang

Hi Richard,

Yes, this is an economic issue. The thing is, the site uses a certificate from CAcert, the community CA (disclosure, I audit them). These certs are free, and the community is a nice bunch of guys, if a little shy and slow with the doco.

The actual message there is wrong. What it should say is that Firefox's list of roots doesn't include this CA, so no "trust recommendation" is available.

If you want to know why Mozilla is not including them, refer to "disclosure" :)

Richard Veryard

Overall, we need a business model that defines the sources of business value. This may include a broad concept of asset, but also broad concepts of capability and viability. Then I absolutely agree with Gunnar and Ian - the security model must be driven by the business model.

http://rvsoapbox.blogspot.com/2009/01/business-model-drives-security.html
