On Aug 29, 2014, at 10:30 AM, Watson Ladd <[email protected]> wrote:
> On Fri, Aug 29, 2014 at 10:17 AM, Tao Effect <[email protected]> wrote: >> I had checked the website the day prior to those tweets. Cert change >> appeared a day later. That is why I was (and am still) convinced that it was >> a MITM attack. > > Where the website owner confirmed that the new cert was correct? Yes, see the tweets. It was an example of a revoked certificate being used in place of the new one (possibly compromised because of HeartBleed). Neither Chrome nor Firefox can reliably check to see if a certificate is revoked. > The basic problem is that the only individual who knows what keys > should be associated with them, is the individual who owns the private > keys. And so you need to have a consistent, global view of that map, > which can get occasionally updated and have them check the correctness > of this map. Yes, such a mapping is called "The Blockchain". :-) DNSChain makes that mapping accessible to all devices (without needing to run a node or store the blockchain locally): https://github.com/okTurtles/dnschain Kind regards, Greg Slepak -- Please do not email me anything that you are not comfortable also sharing with the NSA. > >> >> This event serves as a real-world example of the community's reaction to >> MITM attacks. It highlights extreme skepticism and apathy in spite of clear >> evidence of a MITM attack. >> >> Only major CA compromises that have affected giant companies (like Google) >> get press. >> >> This example shows that people on this list could be MITM attacked right >> now, and in the unlikely event that they detected it, it may not matter >> much. That is why I prefer systems that prevent MITM attacks from happening >> in the first place, and without any ambiguity. > > What's the difference between the key associated to > [email protected] changing because I forgot a passphrase and > changing because it's been MITM'd? If you want to make addresses keys, > then you introduce a different set of problems, where the address > associated to an individual is changed. > > The basic problem is that the only individual who knows what keys > should be associated with them, is the individual who owns the private > keys. And so you need to have a consistent, global view of that map, > which can get occasionally updated and have them check the correctness > of this map. > > Sincerely, > Watson Ladd > >> >> Cheers, >> Greg Slepak >> >> -- >> Please do not email me anything that you are not comfortable also sharing >> with the NSA. >> >> >> >> _______________________________________________ >> Messaging mailing list >> [email protected] >> https://moderncrypto.org/mailman/listinfo/messaging >> > > > > -- > "Those who would give up Essential Liberty to purchase a little > Temporary Safety deserve neither Liberty nor Safety." > -- Benjamin Franklin
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
