25 Jan 2014, 7:09 p.m.
On Sat, Jan 25, 2014 at 7:53 AM, Guido Witmond <guido@witmond.nl> wrote:
> ... Client certificates are part of my answer to MitM attacks.
> The other part is to forget about third-party CAs.
my heart a twitter already! (these are the key points, and you hit them first.)
> See http://eccentric-authentication.org/ to read more.
> I'd love to hear comments.
i've come across this on other lists, and will one day provide a better response. my initial feedback relates to:
- supported suites. NULL encryption is still a valid TLS mode!
- end-point security (each site acting as a CA is like every bitcoin user acting as a bank. you've elevated the threat model on the unsuspecting.)
- Namecoin and other decentralized alternatives to DNSSEC.

best regards,