Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Feds put heat on Web firms for master encryption keys

David Edmondson dme at dme.org
Thu Jul 25 05:17:52 PDT 2013


On Thu, Jul 25 2013, Eugen Leitl wrote:
> On Thu, Jul 25, 2013 at 11:22:25AM +0100, Nick wrote:
>> On Thu, Jul 25, 2013 at 11:19:22AM +0200, Eugen Leitl wrote:
>> > (See also https://en.wikipedia.org/wiki/Convergence_(SSL) )
>> 
>> Would Convergence help here? I can't see how. If a government
>> secretly aquired the SSL private keys for a site, and the site
>
> The idea is to promote self-signed certs to first class citizens
> (no more browser scary warnings and veritable UI parcours
> for users to click through) which enables a more widespread 
> SSL use by removing interaction friction.  
>
> "Secretly" acquiring secrets is not scalable if involving 
> remote compromise or physical access to systems. In general
> we cannot rely on integrity of central systems, and need
> to move to a peer-to-peer model, where infrastructure is
> owned and operated by geographically spread invididuals
> running diversified systems, group coercion or compromise of 
> which is statistically improbable.

So in the long term the plan is to invert the current warnings? ("This
site is certified by a central authority, and hence untrustworthy. Do
you wish to continue?")


More information about the liberationtech mailing list