On Sep 28, 2014, at 5:34 PM, Greg wrote:
> On Sep 28, 2014, at 5:23 PM, Paul Wouters wrote:
>> No. On the contrary, DNScrypt requires a centralised and pre-authenticated
>> setup
>
> That word, "centralised" (sic), I do not think it means what you think. ;)
Apologies, someone pointed out to m
On Sep 28, 2014, at 5:23 PM, Paul Wouters wrote:
> No. On the contrary, DNScrypt requires a centralised and pre-authenticated
> setup
That word, "centralised" (sic), I do not think it means what you think. ;)
The "Crypt" part of DNSCrypt is decentralized by design, anyone can run their
own DNS
On Sun, 28 Sep 2014, Nicolai wrote:
You took it out of context. What I wrote was about certificate checking:
Of course, one has to be careful not to make the same privacy mistakes as
CRL/OCSP did. But we have other decentralised methods that have better
privacy (such as d
On Fri, Sep 26, 2014 at 06:52:34PM -0700, Greg wrote:
> This is the other question you asked:
>
> > And if I find out that's the case, would people care about little old me
> > enough to burn a CA such as Comodo?
>
>
> I think it depends on the situation, and the frequency with which
> "malfunct
On Sun, Sep 28, 2014 at 05:18:33PM -0400, Paul Wouters wrote:
> On Sun, 28 Sep 2014, Nicolai wrote:
>
> >On Fri, Sep 26, 2014 at 10:31:00PM -0400, Paul Wouters wrote:
> >
> >>But we have other decentralised methods that have better privacy (such
> >>as dnssec
> >
> >DNSSEC is not encrypted, so it
On Fri, Sep 26, 2014 at 10:31:00PM -0400, Paul Wouters wrote:
> But we have other decentralised methods that have better privacy (such
> as dnssec
DNSSEC is not encrypted, so it has no privacy. It even leaks data that
DNS doesn't. I just checked, and all 5 Eyes plus China and Russia
support DNS
This is a reply to Ben Laurie's email on [messaging] because Trevor expressed
concern that CT is off topic for that list. In respecting his wishes, I decided
to reply to Ben's email here on randombit.
On Sep 27, 2014, at 4:38 AM, Ben Laurie wrote:
> b) If there's an advantage to downloading th
Dear Paul,
Please see my reply to you on [trans] and this email from [messaging]:
Gossip doesn't save Certificate Transparency
https://moderncrypto.org/mail-archive/messaging/2014/000873.html
> There is no reason you have to wait post-facto. You have the option to
> check the certificate you go
I don't know how google proposes to do it. I don't find their
explanation entirely clear.
Here is how I would do it. It guarantees that everyone sees the same
information, and any attempt to tell two different stories immediately
gets caught.
There will be a mapping between strings and has
On Fri, 26 Sep 2014, Greg wrote:
But what about normal people? I have to check up to 1000 different logs
to see if I've been attacked? And if I find out that's the case, would
people care about little old me enough to burn a CA such as Comodo?
It seems CT could potenti
Dear Nicolai,
On Sep 25, 2014, at 8:29 PM, Nicolai wrote:
> It seems to me that CT could benefit security only in a "trickle down"
> sense: if a cert is improperly issued against a major domain like
> google.com, that CA can be punished by Chromium/Chrome, with the logs
> providing political/le
On Wed, Sep 24, 2014 at 11:17:28AM -0700, Greg wrote:
> http://blog.okturtles.com/2014/09/the-trouble-with-certificate-transparency/
Hi Greg,
It seems to me that CT could benefit security only in a "trickle down"
sense: if a cert is improperly issued against a major domain like
google.com, that C
This post explains how undetected MITM attacks still remain possible even if
Google's Certificate Transparency (CT) becomes widely deployed, and it dissects
many of Google's false and misleading claims about it.
Many thanks go to Zaki (@zmanian), Simon (@simondlr) and others for reviewing it
pri