and not a single Tor hacker was surprised...

Troy Benjegerdes hozer at hozed.org
Wed Jan 22 10:24:36 PST 2014


On Wed, Jan 22, 2014 at 06:05:51PM +0100, rysiek wrote:
> Dnia środa, 22 stycznia 2014 07:44:16 coderman pisze:
> >  (someone should write more about using client-side certificates as a
> > method to thwart SSL MitM with a CA signing transparent proxy
> > adversary upstream. aka BlueCoat with "enterprise certificate"
> > injected or private key pilfer.)
> 
> About this. Is there a way to serve 2 (or more) certificates for a given HTTPS 
> server/domain? What I would like to have is a way to:
>  - serve a proper, vanilla SSL certificate bought from some provider for the
>    general public accessing my service;
>  - serve a different cert (for example, using MonkeySphere) for those that do
>    not trust (and with good reasons) major CA's.
> 
> This would have to work for the *same* domain on the *same* webserver. I 
> haven't yet seen a way to do this, so this might need implementing, but maybe 
> somebody here has heard about something along these lines?

How secure is Bitcoin's ECDSA?

My thought is using doing a *new* encrypted transport (or re-purposing SSL)
and using the exact same ECDSA keys that are already being used as Bitcoin
addresses would make it more likely that an attacker would just go after
the money rather than wast time on MITM, and it's a lot more likely that
average users would care to upgrade.

This, I conjecture, would result in a generally much stronger deployment of
crypto to end-users.



More information about the cypherpunks mailing list