Re: [cryptography] Request - PKI/CA History Lesson - the definition of trust
In article you write:
>On 2014-05-03, at 3:22 AM, wrote:
>
>> Frankly, if we could "trust" in DNS, we would not need to "trust" in
>> web-PKIX [2] - since the one is just the bandaid for the other.
>
>Have you forgotten that routing can be subverted?
>
>Just because you are talking to the right IP address doesn’t mean
>you are talking to the right host.

Sure, but if the cert it presents has the hash in the DNSSEC signed DANE record, it does.

R's,
John
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] [Cryptography] Announcing ClearCrypt: a new transport encryption library
On Sun, May 4, 2014 at 6:38 PM, Greg wrote:

> Can you discuss your thoughts on those two, the pros and cons of each, why
> you chose one over the other, and whether you'll consider changing your
> mind? ^_^

No specific choices have been made yet. CurveCP and MinimaLT are both valid options. Another one is Trevor Perrin's Noise:

https://github.com/trevp/noise/wiki

--
Tony Arcieri
Re: [cryptography] [Cryptography] Announcing ClearCrypt: a new transport encryption library
Very cool stuff Tony! Major props to you on getting this going! =D

I'm not super familiar with CurveCP, but was rather impressed with MinimaLT after reading their paper.

Can you discuss your thoughts on those two, the pros and cons of each, why you chose one over the other, and whether you'll consider changing your mind? ^_^

Cheers!
Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On May 4, 2014, at 5:54 PM, Tony Arcieri wrote:

> ClearCrypt's goal is to produce a minimalist transport encryption library written in a memory-safe language: Rust.
>
> Web site: http://clearcrypt.org/
> The problem: http://clearcrypt.org/tls/
> Github repo: https://github.com/clearcrypt/clearcrypt
>
> The project is presently complete vaporware, but the goal is to produce a Rust implementation of a next generation transport encryption library. The protocol itself is still up for debate, but will likely be based off CurveCP or Noise.
>
> Emphasis will be placed on simplicity, clarity, and audibility. New features will be rejected unless they meet these goals. Every commit will be approved by multiple people once it has been thoroughly audited.
>
> First up: the choice of a license:
>
> https://github.com/clearcrypt/clearcrypt/pull/1
>
> --
> Tony Arcieri
> ___
> The cryptography mailing list
> cryptogra...@metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
Re: [cryptography] Request - PKI/CA History Lesson - the definition of trust
On May 4, 2014, at 6:39 PM, Jeffrey Goldberg wrote:

> On 2014-05-03, at 3:22 AM, wrote:
>
>> Frankly, if we could "trust" in DNS, we would not need to "trust" in
>> web-PKIX [2] - since the one is just the bandaid for the other.
>
> Have you forgotten that routing can be subverted?
>
> Just because you are talking to the right IP address doesn’t mean
> you are talking to the right host.

That is why signatures exist. With DNSChain and DNSCrypt, for example, you will know whether you're talking to the right host, and no IP-based routing or filtering can affect that.

Cheers,
Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.
Re: [cryptography] Announcing ClearCrypt: a new transport encryption library
On 4 May 2014 23:54, Tony Arcieri wrote:

> The project is presently complete vaporware, but the goal is to produce a
> Rust implementation of a next generation transport encryption library. The
> protocol itself is still up for debate, but will likely be based off
> CurveCP or Noise.

Would be interested in this, even if just as the crazy bearded person in the corner shouting abuse mixed with random suggestions.
Re: [cryptography] Request - PKI/CA History Lesson - the definition of trust
On 2014-05-03, at 3:22 AM, wrote:

> Frankly, if we could "trust" in DNS, we would not need to "trust" in
> web-PKIX [2] - since the one is just the bandaid for the other.

Have you forgotten that routing can be subverted?

Just because you are talking to the right IP address doesn’t mean you are talking to the right host.

Cheers,
-j
[cryptography] Announcing ClearCrypt: a new transport encryption library
ClearCrypt's goal is to produce a minimalist transport encryption library written in a memory-safe language: Rust.

Web site: http://clearcrypt.org/
The problem: http://clearcrypt.org/tls/
Github repo: https://github.com/clearcrypt/clearcrypt

The project is presently complete vaporware, but the goal is to produce a Rust implementation of a next generation transport encryption library. The protocol itself is still up for debate, but will likely be based off CurveCP or Noise.

Emphasis will be placed on simplicity, clarity, and audibility. New features will be rejected unless they meet these goals. Every commit will be approved by multiple people once it has been thoroughly audited.

First up: the choice of a license:

https://github.com/clearcrypt/clearcrypt/pull/1

--
Tony Arcieri