On Thu, Jul 25, 2013 at 11:22:25AM +0100, Nick wrote:
> On Thu, Jul 25, 2013 at 11:19:22AM +0200, Eugen Leitl wrote:
> > (See also https://en.wikipedia.org/wiki/Convergence_(SSL) )
>
> Would Convergence help here? I can't see how. If a government
> secretly acquired the SSL private keys for a site, and the site

The idea is to promote self-signed certs to first class citizens (no more browser scary warnings and veritable UI parcours for users to click through) which enables a more widespread SSL use by removing interaction friction.

"Secretly" acquiring secrets is not scalable if involving remote compromise or physical access to systems. In general we cannot rely on integrity of central systems, and need to move to a peer-to-peer model, where infrastructure is owned and operated by geographically spread individuals running diversified systems, group coercion or compromise of which is statistically improbable.

> continued using them, then no convergence notary would know any
> cause not to vouch for the key.
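
The two positions in this exchange can be compared with a simplified model of notary agreement. This is an added example, not part of the original message and not Convergence's actual protocol; the notary names, certificate bytes and function names are constructed for illustration.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a certificate's bytes."""
    return hashlib.sha256(cert_der).hexdigest()

def notaries_vouch(seen_by_client: str, notary_views: dict, min_agree: int) -> bool:
    """Accept only if at least min_agree notaries observed, from their own
    network vantage points, the same fingerprint the client was shown."""
    agree = sum(1 for fp in notary_views.values() if fp == seen_by_client)
    return agree >= min_agree

# Constructed sample data (assumptions, not real certificates or hosts).
SITE_CERT = b"constructed self-signed certificate of the real site"
OTHER_CERT = b"constructed certificate substituted on one network path"
NOTARIES = ["notary-a.example", "notary-b.example", "notary-c.example"]

def honest_views() -> dict:
    # Every notary reaches the real site and records its certificate.
    return {n: fingerprint(SITE_CERT) for n in NOTARIES}

def substituted_cert_on_client_path() -> bool:
    # The client is shown a different certificate than the notaries see:
    # the mismatch is visible, so the certificate is rejected.
    return notaries_vouch(fingerprint(OTHER_CERT), honest_views(), min_agree=2)

def copied_private_key() -> bool:
    # Someone holding a copy of the site's private key presents the site's
    # own certificate, so the fingerprint is identical everywhere and the
    # notaries have no cause not to vouch for it (the quoted objection).
    return notaries_vouch(fingerprint(SITE_CERT), honest_views(), min_agree=2)

def one_notary_coerced() -> bool:
    # A single notary reports the substituted certificate; with independent
    # notaries and a 2-of-3 threshold that alone does not get it accepted
    # (the reply's argument for spreading trust over many operators).
    views = honest_views()
    views[NOTARIES[0]] = fingerprint(OTHER_CERT)
    return notaries_vouch(fingerprint(OTHER_CERT), views, min_agree=2)

if __name__ == "__main__":
    print("substituted cert accepted:", substituted_cert_on_client_path())
    print("copied-key cert accepted: ", copied_private_key())
    print("one coerced notary enough:", one_notary_coerced())
```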
