On 08/25/2013 03:28 PM, Perry E. Metzger wrote:
So, imagine that we have the situation described by part 1 (some
universal system for mapping name@domain type identifiers into keys
with reasonable trust) and part 2 (most users having some sort of
long lived $40 device attached to their home network to act as a
"home server".)
My main issue with this proposal is that somebody identifiable is going
to manufacture these boxes. Maybe several somebodies, but IMO, that's
an identifiable central point of control/failure. If this is deployed,
what could an attacker gain by compromising the manufacturers, via sabotage,
component modification/substitution at a supplier's chip fab, or via
secret court order from a secret court operating according to a secret
interpretation of the law?
Bear
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
