the only logical way to protect against man in the middle attacks would be
perspectives (is that project abandoned?) or some sort of distributed
certificate cache checking.
because that's the only use of certificates right?
to protect against man in the middle?
On Mon, Apr 28, 2014 at 6:25 PM,
On 28/04/2014 23:00, James A. Donald wrote:
Cannot outsource trust Ann usually knows more about Bob than a
distant authority does. A certificate authority does not certify that
Bob is trustworthy, but that his name is Bob.
In practice, they are certifying they sold a certificate to someone
On 29/04/2014 07:41 am, Ryan Carboni wrote:
the only logical way to protect against man in the middle attacks would
be perspectives (is that project abandoned?) or some sort of distributed
certificate cache checking.
because that's the only use of certificates right?
Well. Certificates
On 2014-04-28, at 5:00 PM, James A. Donald jam...@echeque.com wrote:
Cannot outsource trust Ann usually knows more about Bob than a distant
authority does.
So should Ann verify the fingerprints of Amazon, and Paypal herself? How do you
see that working assuming that Ann is an “ordinary
Hi Jeffrey,
On 29/04/2014 17:14 pm, Jeffrey Goldberg wrote:
On 2014-04-28, at 5:00 PM, James A. Donald jam...@echeque.com wrote:
Cannot outsource trust Ann usually knows more about Bob than a distant
authority does.
So should Ann verify the fingerprints of Amazon, and Paypal herself?
the only logical way to protect against man in the middle attacks would
be perspectives (is that project abandoned?) or some sort of distributed
certificate cache checking
plug
It would be blockchain-based solution like DNSChain:
https://github.com/okTurtles/dnschain
(Which is very much not
Hi Jason,
It's quite the coincidence that I saw this email of yours a few days ago when I
was wondering the same thing.
I've read through many of the replies to this thread but haven't been able to
answer a related question that I have.
I'm looking for a date that I could point to and call
On 29 April 2014 07:41, Ryan Carboni rya...@gmail.com wrote:
the only logical way to protect against man in the middle attacks would be
perspectives (is that project abandoned?) or some sort of distributed
certificate cache checking.
Or Certificate Transparency. :-)
On 29/04/2014 19:02 pm, Greg wrote:
I'm looking for a date that I could point to and call the birth of
modern HTTPS/PKI.
There is the Loren M Kohnfelder thesis from May of 1978, but that's not
quite it because it wasn't actually available to anyone at the time.
Perhaps an event along the
Or Certificate Transparency. :-)
Sorry Ben,
But your Certificate Transparency is not a solution.
It's an invitation to more trouble:
- Your currently published RFC doesn't actually fix the MITM problem, it merely
gives the illusion of a fix. It doesn't actually prevent governments from
- Your RFC is an obvious attempt to preserve today's pay-for-protection
system. It's clear from the RFC that Google is actually trying to lead the
internet down a dangerous path where people *must* pay for security by not
supporting self-signed certificates.
Erm, sorry, that should read:
On 2014-04-29 18:18, ianG wrote:
On 29/04/2014 19:02 pm, Greg wrote:
I'm looking for a date that I could point to and call the birth of
modern HTTPS/PKI.
There is the Loren M Kohnfelder thesis from May of 1978, but that's not
quite it because it wasn't actually available to anyone at the
I suspect our current X.509 PKI was invented at Xerox … likely PARC. The first
X.509 draft was a Xerox contribution in about 1984. I have it somewhere in my
garage…
Paul
On Apr 29, 2014, at 1:45 PM, Greg g...@kinostudios.com wrote:
On Apr 29, 2014, at 1:18 PM, ianG i...@iang.org
Hi Ian,
I will just respond to one of the many excellent points you’ve made.
On 2014-04-29, at 12:12 PM, ianG i...@iang.org wrote:
On 29/04/2014 17:14 pm, Jeffrey Goldberg wrote:
People do trust their browsers and OSes to maintain a list of trustworthy
CAs.
No they don't. Again, you are
On Apr 29, 2014, at 12:28 PM, Thierry Moreau thierry.mor...@connotech.com
wrote:
On 2014-04-29 18:18, ianG wrote:
On 29/04/2014 19:02 pm, Greg wrote:
I'm looking for a date that I could point to and call the birth of
modern HTTPS/PKI.
There is the Loren M Kohnfelder thesis from May of
Message du 29/04/14 20:11
De : Ben Laurie
On 29 April 2014 07:41, Ryan Carboni wrote:
the only logical way to protect against man in the middle attacks would be
perspectives (is that project abandoned?) or some sort of distributed
certificate cache checking.
Or Certificate
On Tue, Apr 29, 2014 at 7:10 PM, tpb-cry...@laposte.net wrote:
Or Certificate Transparency. :-)
And how is that supposed to work?
Here, let me help you out:
http://lmgtfy.com/?q=certificate+transparencyl=1
--
Tony Arcieri
___
cryptography
17 matches
Mail list logo