[messaging] PKI is dead

Trevor Perrin trevp at trevp.net
Fri Jan 23 15:05:49 PST 2015


Are we just discussing website login and Web PKI here?

If there's no direct connection to end-to-end secure messaging, could
people discuss this elsewhere?


On Fri, Jan 23, 2015 at 1:01 PM, Tony Arcieri <bascule at gmail.com> wrote:
> On Fri, Jan 23, 2015 at 1:57 AM, U.Mutlu <for-gmane at mutluit.com> wrote:
>> Back to the roots: hashed pw over MITM-safe sessions (SRP, SPEKE etc, ie.
>> PAKE).
> These aren't MITM safe. They're TOFU. They have no way to authenticate the
> server.
> When you enroll a PAKE account, if you're talking to a MITM server, you're
> toast. The MITM can then enroll with the real service on your behalf and
> transparently proxy everything through, except the MITM will have the real
> credentials, and your credentials will only work with the MITM.
> Also: passwords suck and need to go away.
> --
> Tony Arcieri
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging

More information about the Messaging mailing list