> Or Certificate Transparency. :-)

Sorry Ben,

But your Certificate Transparency is not a solution. It's an invitation to more trouble:

- Your currently published RFC doesn't actually fix the MITM problem, it merely gives the illusion of a fix. It doesn't actually prevent governments from issuing fake certificates and MITMing connections, and your attempt to address this problem is a mere "TBD".

- Your RFC is an obvious attempt to preserve today's pay-for-protection system. It's clear from the RFC that Google is actually trying to lead the internet down a dangerous path where people *must* pay for security by not supporting self-signed certificates.

I look forward to writing a more detailed post on it.

Cheers,
Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Apr 29, 2014, at 1:11 PM, Ben Laurie <b...@links.org> wrote:

> On 29 April 2014 07:41, Ryan Carboni <rya...@gmail.com> wrote:
>> the only logical way to protect against man in the middle attacks would be
>> perspectives (is that project abandoned?) or some sort of distributed
>> certificate cache checking.
>
> Or Certificate Transparency. :-)
> _______________________________________________
> cryptography mailing list
> cryptography@randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography