[messaging] PKI is dead

Justin King-Lacroix justin.king-lacroix at cs.ox.ac.uk
Fri Jan 23 14:49:13 PST 2015

I think "is" and "should be" have been conflated. (Unfortunately -- PKI
needs to die, I agree.)

Is PAKE really the way to go, though? Having servers store raw (as opposed
to salt-hashed) credentials feels like a mistake.


On 23 January 2015 at 09:57, U.Mutlu <for-gmane at mutluit.com> wrote:

> SSL certificate stuff (ie. PKI) is IMO dead. NSA killed it.
> Back to the roots: hashed pw over MITM-safe sessions (SRP, SPEKE etc, ie.
> PAKE).
> cu
> Uenal
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150123/af66e103/attachment.html>

More information about the Messaging mailing list