[liberationtech] Firesheep: Making the Complicated Trivial
Chris Palmer
chris at eff.org
Tue Oct 26 17:00:58 PDT 2010
On Oct 26, 2010, at 4:53 PM, Daniel Colascione wrote:
> I was waiting for someone to bring up tcpcrypt: while it does encrypt
> each connection, it doesn't authenticate the identity of the other
> party.
Thank you, you beat me to it.
"""Tcpcrypt abstracts away authentication, allowing any mechanism to be used, whether PKI, passwords, or something else."""
Unfortunately, that is not a very clear story. We need a clear story that makes sense to humans. I am certainly no fan of global PKI as it exists today, and no fan of global PKI generally. But "Alice knows Bob is Bob because Trent (who may be a maniac) said so" is certainly a better story than "Alice knows Bob is Bob due to some mechanism somewhere that we haven't specified yet".
--
Chris Palmer
Technology Director, Electronic Frontier Foundation
More information about the liberationtech
mailing list