On 25 July 2013 11:22, Nick <[email protected]> wrote: > On Thu, Jul 25, 2013 at 11:19:22AM +0200, Eugen Leitl wrote: >> (See also https://en.wikipedia.org/wiki/Convergence_(SSL) ) > > Would Convergence help here? I can't see how. If a government > secretly aquired the SSL private keys for a site, and the site > continued using them, then no convergence notary would know any > cause not to vouch for the key.
What helps here is perfect forward secrecy. BTW, better alternative to Convergence: Certificate Transparency - http://tools.ietf.org/html/rfc6962. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
