[messaging] Google End-to-End plans on using key directories with a CT-like verification protocol
Tao Effect
contact at taoeffect.com
Fri Aug 29 11:26:44 PDT 2014
On Aug 29, 2014, at 10:36 AM, Ben Laurie <ben at links.org> wrote:
> I haven't seen evidence that you checked the website the day prior.
> I'm not sure how you would provide such evidence, either, but it does
> occur to me that the tool you were using would be usefully enhanced by
> showing when the old cert was last seen...
If I could be assured that it was worth my time, I could dredge up Time Machine backups from that period and view my Firefox browsing history to provide the needed proof.
>> That is why I prefer systems that prevent MITM attacks from happening
>> in the first place, and without any ambiguity.
>
> I don't know how to achieve that.
Is that in reference to things like HeartBleed (private key compromise, etc.)?
Here's the reason why this is a false choice (if that's what you're referring to):
- Private key compromise / backdoors / bugs are pretty much the only way that MITM can happen with DNSChain / blockchain-based auth.
- Certificate Transparency allows that, plus mass-MITM (global) surveillance.
Preventing mass-MITM as much as possible is what I was referring to by "prevent MITM attacks from happening in the first place".
Kind regards,
Greg Slepak
--
Please do not email me anything that you are not comfortable also sharing with the NSA.