Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Feds put heat on Web firms for master encryption keys

Ben Laurie ben at links.org
Thu Jul 25 03:41:46 PDT 2013


On 25 July 2013 11:22, Nick <liberationtech at njw.me.uk> wrote:
> On Thu, Jul 25, 2013 at 11:19:22AM +0200, Eugen Leitl wrote:
>> (See also https://en.wikipedia.org/wiki/Convergence_(SSL) )
>
> Would Convergence help here? I can't see how. If a government
> secretly aquired the SSL private keys for a site, and the site
> continued using them, then no convergence notary would know any
> cause not to vouch for the key.

What helps here is perfect forward secrecy.

BTW, better alternative to Convergence: Certificate Transparency -
http://tools.ietf.org/html/rfc6962.



More information about the liberationtech mailing list