[messaging] Google End-to-End plans on using key directories with a CT-like verification protocol

Tao Effect contact at taoeffect.com
Fri Aug 29 11:26:44 PDT 2014

On Aug 29, 2014, at 10:36 AM, Ben Laurie <ben at links.org> wrote:
> I haven't seen evidence that you checked the website the day prior.
> I'm not sure how you would provide such evidence, either, but it does
> occur to me that the tool you were using would be usefully enhanced by
> showing when the old cert was last seen...

If I could be assured that it was worth my time, I could dredge up Time Machine backups from that period and view my Firefox browsing history to provide the needed proof.

>> That is why I prefer systems that prevent MITM attacks from happening
>> in the first place, and without any ambiguity.
> I don't know how to achieve that.

Is that in reference to things like Heartbleed (private key compromise, etc.)?

Here's the reason why this is a false choice (if that's what you're referring to):

- Private key compromise / backdoors / bugs are pretty much the only way that MITM can happen with DNSChain / blockchain-based auth.

- Certificate Transparency allows that, plus mass-MITM (global) surveillance.

Preventing mass-MITM as much as possible is what I was referring to by "prevent MITM attacks from happening in the first place".

Kind regards,
Greg Slepak

Please do not email me anything that you are not comfortable also sharing with the NSA.
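
Ben Laurie's suggestion quoted above, that a certificate-change tool show when the old cert was last seen, sketched as an added example (not part of the original message, and not the code of any tool mentioned in the thread). The class name, report fields and sample data are hypothetical; it assumes the tool is handed the leaf certificate's DER bytes on every visit.

```python
import hashlib
from datetime import datetime, timezone


class CertObservationLog:
    """Per-host record of certificate fingerprints with first/last-seen times."""

    def __init__(self):
        self._seen = {}     # host -> {fingerprint: {"first_seen", "last_seen"}}
        self._current = {}  # host -> fingerprint observed on the latest visit

    def observe(self, host, der_bytes, when):
        """Record one visit and report whether the certificate changed."""
        fp = hashlib.sha256(der_bytes).hexdigest()
        seen = self._seen.setdefault(host, {})
        previous = self._current.get(host)
        report = {"host": host, "fingerprint": fp, "status": "unchanged"}
        if previous is None:
            report["status"] = "first_visit"
        elif previous != fp:
            old = seen[previous]
            report.update(
                status="changed",
                previous_fingerprint=previous,
                previous_first_seen=old["first_seen"],
                # The value the quoted suggestion asks for: a small gap means
                # the old cert was still being served shortly before the change.
                previous_last_seen=old["last_seen"],
                gap=when - old["last_seen"],
                # True when this "new" cert was already seen for this host,
                # i.e. the host is alternating between certificates.
                returning=fp in seen,
            )
        entry = seen.setdefault(fp, {"first_seen": when, "last_seen": when})
        entry["last_seen"] = max(entry["last_seen"], when)
        self._current[host] = fp
        return report


def demo():
    """Constructed sample: two visits with cert A, then cert B the next day."""
    def at(day, hour):
        return datetime(2014, 8, day, hour, tzinfo=timezone.utc)

    cert_a = b"constructed-cert-A"  # stand-ins for DER bytes, not real certs
    cert_b = b"constructed-cert-B"
    log = CertObservationLog()
    log.observe("example.org", cert_a, at(1, 9))
    log.observe("example.org", cert_a, at(27, 18))
    return log.observe("example.org", cert_b, at(28, 10))
```
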
