[148496] in cryptography@c2.net mail archive


Re: [Cryptography] The next generation secure email solution

daemon@ATHENA.MIT.EDU (Ralf Senderek)
Tue Dec 17 17:12:40 2013

X-Original-To: cryptography@metzdowd.com
Date: Tue, 17 Dec 2013 21:35:02 +0100 (CET)
From: Ralf Senderek <crypto@senderek.ie>
To: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <20131217202409.2AE112BB9C@laptop.kerry-linux.ie>
Cc: Guido Witmond <guido@witmond.nl>
Reply-To: Ralf Senderek <crypto@senderek.ie>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

Guido Witmond wrote:

> For email replacement you need to validate that there is no man in the
> middle. The user agent cannot do that alone. It needs a global list of
> certificates signed by each site. I call that the 'Global Registry of
> Dishonesty' as it will show any attempts at a MitM.

Doesn't that open the door for a DoS attack? By which means does the site
that maintains this list decide which certificates are valid and which are
not? Are we relying on a global PKI for this? The benefit of your proposal
was that two relatively inexperienced users are able to perform the
initial steps of a trusted crypto relationship without having to trust
another third party except the one that issues them certificates. The MITM
check will expand this model into something I cannot clearly define at
the moment, but which seems to lead back to the (broken) system.

            --ralf
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
