On 2011-09-09 9:11 AM, Lucky Green wrote:
- while it is possible to build communication systems that use some of the components of the SSL system that withstand governmental security services interception (I have designed and deployed such systems
> myself)
yurls?
an entirely different system in which each SSL certificate seen by a browser is sent up to the browser vendor checking for consistency. The first few visitors to a website would be exposed to a higher risk,
No one is much interested in attacking a website when it first comes up, only when it already has a significant user base, thus should be safe for everyone.
Overall, such a system would likely be safe enough to meet the design goal for Internet users to be able to send their credit card information over the network with fraud rates due to interception being on par or lower than card present transactions. Yet this is not fixing PKI. This is throwing PKI overboard and designing an entirely different system from the ground up.
Can't fix PKI. Needs wholesale replacement. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
