Author: Luke-Jr 2012-11-27 00:44:03
Published on: 2012-11-27T00:44:03+00:00
In a discussion between Gregory Maxwell and Luke-Jr on November 27, 2012, the topic of a whitelist of certificate authorities (CAs) was brought up. Maxwell proposed that the system support a static whitelist along with an OS-provided list, while allowing users to configure their own blacklist and sophisticated users to disable the whitelist. Luke-Jr questioned the need for a whitelist, as every OS includes a default list of CAs. Maxwell explained that the lists are not identical, meaning that false-positive authentication failures could occur, or merchants would have to spend time and money determining which certs work everywhere. However, there is a common subset of CAs included in all OSs, which could be used as the "whitelist equivalent." Additionally, Maxwell stated that the fees charged by CAs for certificates are a flaw in the CA model that does not require solving.
Updated on: 2023-06-06T08:37:09.914035+00:00