On Aug 29, 2014, at 10:36 AM, Ben Laurie <[email protected]> wrote:

> I haven't seen evidence that you checked the website the day prior.
> I'm not sure how you would provide such evidence, either, but it does
> occur to me that the tool you were using would be usefully enhanced by
> showing when the old cert was last seen...

If I could be assured that it was worth my time, I could dredge up Time Machine backups from that period and view my Firefox browsing history to provide the needed proof.

>> That is why I prefer systems that prevent MITM attacks from happening
>> in the first place, and without any ambiguity.
>
> I don't know how to achieve that.

Is that in reference to things like HeartBleed (private key compromise, etc.)?

Here's the reason why this is a false choice (if that's what you're referring to):

- Private key compromise / backdoors / bugs are pretty much the only way that MITM can happen with DNSChain / blockchain-based auth.
- Certificate Transparency allows that, plus mass-MITM (global) surveillance.

Preventing mass-MITM as much as possible is what I was referring to by "prevent MITM attacks from happening in the first place".

Kind regards,
Greg Slepak

--
Please do not email me anything that you are not comfortable also sharing with the NSA.
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
