[148185] in cryptography@c2.net mail archive

Re: [Cryptography] Moving forward on improving HTTP's security

daemon@ATHENA.MIT.EDU (James A. Donald)
Fri Nov 15 13:03:29 2013

X-Original-To: cryptography@metzdowd.com
Date: Fri, 15 Nov 2013 15:01:46 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
In-Reply-To: <C5DF885A-7641-4BD6-A81D-6755AD9588A1@kinostudios.com>
Reply-To: jamesd@echeque.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On 2013-11-14 15:46, Greg wrote:
> On Nov 13, 2013, at 7:05 PM, John Kelsey <crypto.jmk@gmail.com> wrote:
>> So your solution is what?  Continue sending data in the clear?
>
> The basics would be to not use the CAs. Working on rest of details,
> they're mostly finished, just gotta make 'em nice 'n pretty. And some
> code would be good, too.

The not quite good enough is the enemy of the adequate.

The problem with CAs is that Bob usually knows more about Carol than the
CA knows about Bob or Carol.  Thus "trust" between Bob and Carol 
supplied by the CA tends to be inconvenient, expensive and unsafe.

Introducing a distant third party between Bob and Carol is a security 
hole, not a security solution.

The solution is yurls, Zooko's triangle, and, here comes the hard part, 
squaring Zooko's triangle.

