On 28 August 2014 21:20, Moxie Marlinspike <[email protected]> wrote: > What I'm confused about is, where's the evidence? If the cryptosystem > is truly "invisible" to the user (as it should be!), these keys are > going to be changing a lot, especially for users who aren't terribly > crypto-literate (ie: Glenn Greenwald).
I hear this claim a lot (that the crypto system should be invisible). I don't buy it: if it is invisible, then there can be no distinction between "you are communicating with an entity you have verified" and "you are communicating with an unverified entity (who could be a MITM)". Clearly this is bad. Now, if we can somehow avoid the need for verification using, say, a CT-like mechanism, then we still need to distinguish between the "everything is OK" state and the "log is doing something evil" state. _Somewhere_ we have to make these things visible. If it is invisible, the user is not protected. _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
