Let's say web servers auto generated self-signed certificates for any
domain that didn't supply its own certificate, likely one from an authority.
What that would accomplish is to make the stream unreadable over the wire,
unless the attacker was willing and able to do an MITM with their own auto
Lucas Gonze lucas.go...@gmail.com writes:
Let's say web servers auto generated self-signed certificates for any
domain that didn't supply its own certificate, likely one from an authority.
What that would accomplish is to make the stream unreadable over the wire,
unless the attacker was
On 03/14/2014 12:46 PM, Lucas Gonze wrote:
Let's say web servers auto generated self-signed certificates for
any domain that didn't supply its own certificate, likely one from
an authority.
What that would accomplish is to make the stream
..on Fri, Mar 14, 2014 at 10:46:30AM -0700, Lucas Gonze wrote:
Let's say web servers auto generated self-signed certificates for any
domain that didn't supply its own certificate, likely one from an authority.
What that would accomplish is to make the stream unreadable over the wire,
unless
Julian Oliver jul...@julianoliver.com writes:
His Convergence project is certainly worth a look, too:
http://convergence.io/
Shame it didn't catch on. AFAIK it needs a certain critical mass of 'Trust
Notaries'.
afaict it was a fork of perspectives and perspectives is alive :)
..on Fri, Mar 14, 2014 at 04:03:48PM -0300, Nicolás Reynolds wrote:
Julian Oliver jul...@julianoliver.com writes:
His Convergence project is certainly worth a look, too:
http://convergence.io/
Shame it didn't catch on. AFAIK it needs a certain critical mass of 'Trust
Notaries'.
On 03/14/14 19:56, Julian Oliver wrote:
..on Fri, Mar 14, 2014 at 10:46:30AM -0700, Lucas Gonze wrote:
Let's say web servers auto generated self-signed certificates for any
domain that didn't supply its own certificate, likely one from an authority.
What that would accomplish is to make the
The MITM is much more expensive, so would make it unfeasible to maintain
current levels of surveillance.
The MITM can't be done in secrecy. The client can publish the certificate
that it received. This would force the surveillance apparatus to reveal
itself.
On Fri, Mar 14, 2014 at 2:45 PM,
On 03/14/14 22:45, John Adams wrote:
You misunderstand the signing practice if you think this is a good idea.
I don't get it yet; which part would I be getting wrong, the signing
of server certificates by CAs, or the DNSSEC/DANE part? Please elaborate.
Granted, it provides a low level of