Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Feds put heat on Web firms for master encryption keys

Eugen Leitl eugen at leitl.org
Thu Jul 25 04:12:51 PDT 2013


On Thu, Jul 25, 2013 at 11:22:25AM +0100, Nick wrote:
> On Thu, Jul 25, 2013 at 11:19:22AM +0200, Eugen Leitl wrote:
> > (See also https://en.wikipedia.org/wiki/Convergence_(SSL) )
> 
> Would Convergence help here? I can't see how. If a government
> secretly aquired the SSL private keys for a site, and the site

The idea is to promote self-signed certs to first class citizens
(no more browser scary warnings and veritable UI parcours
for users to click through) which enables a more widespread 
SSL use by removing interaction friction.  

"Secretly" acquiring secrets is not scalable if involving 
remote compromise or physical access to systems. In general
we cannot rely on integrity of central systems, and need
to move to a peer-to-peer model, where infrastructure is
owned and operated by geographically spread invididuals
running diversified systems, group coercion or compromise of 
which is statistically improbable.

> continued using them, then no convergence notary would know any
> cause not to vouch for the key.



More information about the liberationtech mailing list