Fwd: [ PRIVACY Forum ] Surveillance via bogus SSL certificates
Morlock Elloi
morlockelloi at yahoo.com
Tue Apr 6 20:15:05 PDT 2010
The distributed model needs to be people-centric, not site-centric, and recreate existing social models (*not* failed "web of trust".)
As a wild example:
Imagine everyone being able to issue blinded Chaumian cash. You give your coins to people you, sort of, trust a bit. Maybe various coins for various purposes.
Then those people submit (now blinded) coins to the web sites they, sort of, trust.
You come to a site, do automated hashed lookup*, and if you recognise some minimum amount of your own coins, you, sort of, start to pay attention to that site.
There is no CA anywhere to be seen, except yourself.
* I know this is expensive, but this can be a one-time event after which you certify the site to your browser(s).
> A distributed model would be good, but even leaving aside key
> distribution issues for your trusted recommenders, it means
More information about the cypherpunks-legacy
mailing list