[liberationtech] Defeating massive wiretapping with opportunistic, unauthenticated encryption in HTTP ?
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Mon Oct 28 13:51:30 PDT 2013
Il 10/28/13 3:14 PM, Guido Witmond ha scritto:
> I know that this kind of argument attract crypto-trolling ("Javascript encryption" and
"Unauthenticated encryption" and "Opportunistic encryption") but i think
that it's worth discussing because it could be a revolutionary approach
to challenge massive wiretapping. What does various people think about
this approach?
>
> One question: How does the javascript get to the browser without any
> interference from intermediate parties?
No protection against active attacks.
The purpose is to defeat massive wiretapping that's a passive.
Active attacks are mostly for targetted attacks, so outside the scope.
There was many interesting discussion about the likelyhood to implement
a PoC like this in a very simplified way, of easy integration with
existing web applications:
https://github.com/digitalbazaar/forge/issues/84
--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1746 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20131028/56973bd5/attachment-0001.txt>
More information about the cypherpunks
mailing list