On 08/25/2013 03:28 PM, Perry E. Metzger wrote:

So, imagine that we have the situation described by part 1 (some
universal system for mapping name@domain type identifiers into keys
with reasonable trust) and part 2 (most users having some sort of
long lived $40 device attached to their home network to act as a
"home server".)

My main issue with this proposal is that somebody identifiable is going
to manufacture these boxes.  Maybe several somebodies, but IMO, that's
an identifiable central point of control/failure.  If this is deployed,
what could an attacker gain by compromising the manufacturers, via sabotage,
component modification/substitution at a supplier's chip fab, or via
secret court order from a secret court operating according to a secret
interpretation of the law?


The cryptography mailing list

Reply via email to