<p dir="ltr"><br>
Den 19 aug 2014 16:17 skrev "Tom Ritter" <<a href="mailto:tom@ritter.vg">tom@ritter.vg</a>>:<br>
><br>
> On 19 August 2014 03:18, Trevor Perrin <<a href="mailto:trevp@trevp.net">trevp@trevp.net</a>> wrote:<br>
> > Yet I'd ALSO claim the provider is one of the most<br>
> > important entities for end-to-end crypto to protect us from.<br>
> > Conundrum.<br>
><br>
> When you don't trust your provider, I think that can be roughly<br>
> analogized to trying to solve the present-day CA system while<br>
> acknowledging they're not going away. The best we've seen come up<br>
> with is CT. It's a 'Trust but Verify' model, except those who verify<br>
> are very few. The extension of this, I mentioned a few months ago:<br>
><br>
> On 26 March 2014 08:17, Tom Ritter <<a href="mailto:tom@ritter.vg">tom@ritter.vg</a>> wrote:<br>
> > A design I keep circling back to, despite not liking it all that much,<br>
> > is a 98% Trust, 2% Verify model. It needs a new name, but the idea is<br>
> > open specifications, and open ability to write outside clients that<br>
> > interop that you trust more. The outside client may be browser<br>
> > extensions silently verifying the code, extensions providing the whole<br>
> > experience, mobile apps, native apps, whatever. The 2% run these<br>
> > outside clients and don't 'trust' the service to do the encryption,<br>
> > the 98% use provider-bootstrapped code that can be tampered with.<br>
> > Delicately designed, on an individual request, the service shouldn't<br>
> > know who is the 2% vs the 98% until it's too late to undetectably<br>
> > tamper. On repeated observations, the service may know, but I think<br>
> > this can be mitigated a little bit.<br></p>
<p dir="ltr">I recognize this approach from reading about cryptographic voting methods, the general method is called "cut and choose" where a random subset of inputs is revealed/unsealed, selected to make malice hard to hide. </p>
<p dir="ltr">So "cut and choose verification"? </p>