and not a single Tor hacker was surprised...
On Sat, Jan 25, 2014 at 7:53 AM, Guido Witmond wrote:
> ...
> Client certificates are part of my answer to MitM attacks.
>
> The other part is to forget about third-party CAs.
my heart atwitter already!
(these are the key points, and you hit them first.)
> See http://eccentric-authentication.org/ to read more.
>
> I'd love to hear comments.
i've come across this on other lists, and will one day provide a
better response. my initial feedback relates to:
- supported suites. NULL encryption is still a valid TLS mode!
- end-point security (each site acting as a CA is like every bitcoin
user acting as a bank. you've elevated the threat model on the
unsuspecting.)
- Namecoin and other decentralized alternatives to DNSSEC.
best regards,