CryptoSeal shutters, ala: LavaBit

coderman coderman at gmail.com
Mon Oct 21 20:57:18 PDT 2013


On Mon, Oct 21, 2013 at 8:09 PM, Kyle Maxwell <kylem at xwell.org> wrote:
> ...
> So how do you propose that a provider perform SSL without keeping
> their private cert?


change it every day.  i know every CA i've used allows unlimited
re-issue once purchased.

every time you hand it over, change it.

enforce forward secrecy, allow no non-forward secret suites. this is critical.

problem solved..
 ...they will however treat this as contempt of court - the escalation
would be infinitely interesting!


fuck this bullshit, i can't convey my contempt for this practice
(private keys via pen/trap register order) enough...
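The "allow no non-forward secret suites" point above, as an added example that is not part of the original post: a server-side TLS context restricted to ephemeral (EC)DHE key exchange, plus an audit that lists any enabled suite lacking forward secrecy. It assumes Python's `ssl` module built against OpenSSL 1.1.1 or later; the function names, the cipher string and the sample suite list are constructed for illustration.

```python
import ssl

# OpenSSL cipher string (assumption: chosen for this example) that keeps only
# suites with ephemeral key exchange and drops anonymous, NULL and PSK suites.
FS_ONLY = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL:!PSK"


def is_forward_secret(name):
    """Classify an OpenSSL-style suite name by its key exchange."""
    # TLS 1.3 suites (TLS_AES_..., TLS_CHACHA20_...) always use ephemeral
    # (EC)DHE for full handshakes. IANA-style TLS_RSA_WITH_... names are not
    # TLS 1.3 suites, so they are excluded by the _WITH_ check.
    if name.startswith("TLS_") and "_WITH_" not in name:
        return True
    # ECDHE-/DHE-/EDH- are ephemeral. Static ECDH-/DH- and plain RSA key
    # transport (names such as AES128-SHA) are not forward secret.
    return name.startswith(("ECDHE-", "DHE-", "EDH-"))


def non_forward_secret(names):
    """Return the suites that a seized private key could decrypt after the fact."""
    return [n for n in names if not is_forward_secret(n)]


def forward_secret_server_context():
    """Build a server context that offers forward-secret suites only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(FS_ONLY)
    return ctx


def enabled_suites(ctx):
    """Names of the suites the context will actually negotiate."""
    return [c["name"] for c in ctx.get_ciphers()]


# Constructed sample: a legacy suite list of the kind this check should flag.
LEGACY = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-GCM-SHA384",
    "AES128-SHA",                # RSA key transport
    "ECDH-RSA-AES128-SHA",       # static ECDH
    "TLS_AES_128_GCM_SHA256",    # TLS 1.3
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]

if __name__ == "__main__":
    print("legacy list, not forward secret:", non_forward_secret(LEGACY))
    ctx = forward_secret_server_context()
    print("hardened context, not forward secret:", non_forward_secret(enabled_suites(ctx)))
```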


