and not a single Tor hacker was surprised...
coderman
coderman at gmail.com
Sat Jan 25 11:09:16 PST 2014
On Sat, Jan 25, 2014 at 7:53 AM, Guido Witmond <guido at witmond.nl> wrote:
> ...
> Client certificates are part of my answer to MitM attacks.
>
> The other part is to forget about third-party CA's.

my heart a twitter already!
(these are the key points, and you hit them first.)

> See http://eccentric-authentication.org/ to read more.
>
> I'd love to hear comments.

i've come across this on other lists, and will one day provide a
better response. my initial feedback relates to:

- supported suites. NULL encryption is still a valid TLS mode!
- end-point security (each site acting as a CA is like every bitcoin
  user acting as a bank. you've elevated the threat model on the
  unsuspecting.)
- Namecoin and other decentralized alternatives to DNSSEC.

best regards,