Let's say web servers auto generated self-signed certificates for any
domain that didn't supply its own certificate, likely one from an authority.
What that would accomplish is to make the stream unreadable over the wire,
unless the attacker was willing and able to do an MITM with their own auto
g
Lucas Gonze writes:
> Let's say web servers auto generated self-signed certificates for any
> domain that didn't supply its own certificate, likely one from an authority.
>
> What that would accomplish is to make the stream unreadable over the wire,
> unless the attacker was willing and able to d
On 03/14/2014 12:46 PM, Lucas Gonze wrote:
> Let's say web servers auto generated self-signed certificates for
> any domain that didn't supply its own certificate, likely one from
> an authority.
>
> What that would accomplish is to make the stream
..on Fri, Mar 14, 2014 at 10:46:30AM -0700, Lucas Gonze wrote:
> Let's say web servers auto generated self-signed certificates for any
> domain that didn't supply its own certificate, likely one from an authority.
>
> What that would accomplish is to make the stream unreadable over the wire,
> unl
Julian Oliver writes:
> His Convergence project is certainly worth a look, too:
>
> http://convergence.io/
>
> Shame it didn't catch on. AFAIK it needs a certain critical mass of 'Trust
> Notaries'.
afaict it was a fork of perspectives and perspectives is alive :)
http://perspectives-project
..on Fri, Mar 14, 2014 at 04:03:48PM -0300, Nicolás Reynolds wrote:
> Julian Oliver writes:
> > His Convergence project is certainly worth a look, too:
> >
> > http://convergence.io/
> >
> > Shame it didn't catch on. AFAIK it needs a certain critical mass of 'Trust
> > Notaries'.
>
> afaict i
On 03/14/14 19:56, Julian Oliver wrote:
> ..on Fri, Mar 14, 2014 at 10:46:30AM -0700, Lucas Gonze wrote:
>> Let's say web servers auto generated self-signed certificates for any
>> domain that didn't supply its own certificate, likely one from an authority.
>>
>> What that would accomplish is to ma
You misunderstand the signing practice if you think this is a good idea.
Granted, it provides a low level of encryption for clients but it does not
provide Non-repudiability to those users, opening them up to MitM attacks.
> On Mar 14, 2014, at 16:35, Guido Witmond wrote:
>
The MITM is much more expensive, so would make it unfeasible to maintain
current levels of surveillance.
The MITM can't be done in secrecy. The client can publish the certificate
that it received. This would force the surveillance apparatus to reveal
itself.
On Fri, Mar 14, 2014 at 2:45 PM, John
On 03/14/14 22:45, John Adams wrote:
> You misunderstand the signing practice if you think this is a good idea.
I don't get it yet, which part would I be getting wrong, the signing
of server certificates by CAs, or the DNSSEC/DANE part? Please elaborate.
>
> Granted, it provides a low level o
How optimistic you are around the way SSL works. If I can make a cert and you
have no 3rd party to verify against, anyone can be anyone.
Forging DHCP lets me forge DNS and own you.
This "apparatus" which you believe can be "difficult to deploy" and "easy to
reveal" is entirely not of that natu
On Fri, Mar 14, 2014 at 04:45:01PM -0500, John Adams wrote:
> Granted, it provides a low level of encryption for clients but it does not
> provide Non-repudiability to those users, opening them up to MitM attacks.
It is inappropriate to say "opening up to MitM" if the
alternative is plain-text HT
On Sat, Mar 15, 2014 at 5:27 AM, carlo von lynX
wrote:
> On Fri, Mar 14, 2014 at 04:45:01PM -0500, John Adams wrote:
>> Granted, it provides a low level of encryption for clients but it does not
>> provide Non-repudiability to those users, opening them up to MitM attacks.
>
> It is inappropriate
*All trust has failed us.*
Both the x509 (hierarchical/commercial) trust model (insecure, broken
brokers are known to exist) and the openPGP Web of Trust (WOT) trust
model (too complex, hard to use and does not map to the way humans regard
trust) suck, and Trust on first use also has its problems (ma