On 08/25/2013 03:28 PM, Perry E. Metzger wrote:
So, imagine that we have the situation described by part 1 (some universal system for mapping name@domain type identifiers into keys with reasonable trust) and part 2 (most users having some sort of long lived $40 device attached to their home network to act as a "home server".)
My main issue with this proposal is that somebody identifiable is going to manufacture these boxes. Maybe several somebodies, but IMO, that's an identifiable central point of control/failure. If this is deployed, what could an attacker gain by compromising the manufacturers, via sabotage, component modification/substitution at a supplier's chip fab, or via secret court order from a secret court operating according to a secret interpretation of the law? Bear _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography