and not a single Tor hacker was surprised...

coderman coderman at gmail.com
Sun Jan 26 14:39:41 PST 2014


On Sun, Jan 26, 2014 at 9:44 AM, Guido Witmond <guido at witmond.nl> wrote:
> ... Although NULL encryption is a problem, I expect that most
> crypto-toolkit developers will disable these in their default
> configuration... There is nothing in eccentric authentication that specifies one
> branch of public key mathematics  over another. I deliberately leave the
> choice of either RSA, EC, or others out. As I'm not a cryptographer, I
> can't make that decision. I do specify what I expect the protocol needs
> to accomplish. It's up to the experts to match the appropriate parts. My
> prototype used RSA/TLS/DNSSEC


fair enough; my position is that this is insufficient and passes the buck.
many don't agree.

said another way: security is everyone's responsibility!
 everyone should encourage and enforce strong defaults, strong suites,
and accept no less.

(i pay bribes in bitcoin to adopt this position ;)



> In fact, with a proper setup, the Root certificate's private key for the
> site does not live at the server, for signing, it uses a subRoot.

this is better; although perhaps more cumbersome key management wise.
good key management always cumbersome it seems!



> Now when the site gets hacked, the hackers can create more accounts for
> themselves or invalidate other peoples' accounts. But the attackers can
> never impersonate any of the sites user accounts at other sites, as
> these use their own signing key. I believe it is more safe than hashing
> passwords.

absolutely better than storing hashed passwords.  how many people
generate long, random, unique passwords for every site?



> The eccentric-protocol can use other global unique naming schemes. The
> requirements are: easy and cheap enough so every website can get a
> unique and human memorize-able name. Namecoin might fit the
> requirements, or GNS (GnuNet).

GNet NS is locally scoped to each peer as of my understanding, so not
quite a strong global unique naming scheme.  i do believe on further
reading that Namecoin would work, and am looking at this further...
thanks for the responses and clarifications!



best regards,



More information about the cypherpunks mailing list