the only logical way to protect against man-in-the-middle attacks would be
Perspectives (is that project abandoned?) or some sort of distributed
certificate cache checking.

because that's the only use of certificates, right?

to protect against man-in-the-middle?


On Mon, Apr 28, 2014 at 6:25 PM, Jason Iannone <jason.iann...@gmail.com> wrote:

> If browsers are defeating the purpose of the chain of trust, by forcing
> trust in this example, why design them to freak out when a site self signs?
> On Apr 28, 2014 6:32 PM, "Jeffrey Walton" <noloa...@gmail.com> wrote:
>
>> On Mon, Apr 28, 2014 at 8:20 PM, Ryan Carboni <rya...@gmail.com> wrote:
>> > One can always start with the difficult first step of uninstalling
>> > certificate authorities you do not trust.
>>
>> "Opera will autorepair damage to the certificate repository, a missing
>> Certificate Authority is considered damage. Opera ships with a list of
>> frequently used certificates, and if any of these are missing they
>> will be added the next time the repository is read from disk. Other
>> certificates will be added from the online repository as needed." -
>> http://my.opera.com/community/forums/topic.dml?id=1580452
>>
>> It's not just Opera. Others are using similar innovative methods to
>> reduce the support load and costs.
>>
>> Jeff
>>
>> > On Mon, Apr 28, 2014 at 4:42 PM, ianG <i...@iang.org> wrote:
>> >>
>> >> On 29/04/2014 00:12 am, Ryan Carboni wrote:
>> >> > trust is outsourced all the time in the non-cryptographic world
>> >>
>> >> trust is built up all the time, risks are taken all the time, choice is
>> >> taken all the time.
>> >>
>> >> > unless you do not have a bank account
>> >>
>> >> That's not outsourced, that's direct, person to bank, the person has a
>> >> choice, chooses to place her trust in that bank.  Also, it is limited to
>> >> defined things that are required, can't be done by the person, and
>> >> bolstered by real backing such as FIDC.
>> >>
>> >> When you suggest "it's probably best we trust authorities" that is
>> >> CA-playbook crapola meaning "you must trust the authorities that have
>> >> been picked for you."  The vector has been reversed, people are told
>> >> what has to happen, so there is no trust.
>> >>
>> >> Trust derives from choice.  Where is the choice?
>> >>
>> >> > On Mon, Apr 28, 2014 at 3:00 PM, James A. Donald <jam...@echeque.com> wrote:
>> >> >
>> >> >     On 2014-04-29 05:58, Ryan Carboni wrote:
>> >> >
>> >> >             We happen to live on a planet where most users are ordinary
>> >> >         users.
>> >> >
>> >> >
>> >> >         given the extent of phishing, it's probably best we outsource
>> >> >         trust to
>> >> >         centralized authorities.
>> >> >         Although it should be easier establishing your own certificate
>> >> >         authority.
>> >> >
>> >> >     Cannot outsource trust.  Ann usually knows more about Bob than a
>> >> >     distant authority does.  A certificate authority does not certify
>> >> >     that Bob is trustworthy, but that his name is Bob.
>> >> >
>> >> >     In practice, however, we find that diverse entities have very similar
>> >> >     names, and a single entity may have many names.
>> _______________________________________________
>> cryptography mailing list
>> cryptography@randombit.net
>> http://lists.randombit.net/mailman/listinfo/cryptography
>>
>