[liberationtech] Does anyone know a celebrity who feels strongly about privacy issues?
Guido Witmond
guido at witmond.nl
Mon Aug 12 14:34:20 PDT 2013
Dear Professor Ruiz.

The real issue is to create an *easy* way to do hash validation
correctly. Reading a hash on YouTube is not going to make it.

You use HTTPS without DNSSEC and DANE. Please use those first. It solves
a lot of your server validation issues. At least it allows your users'
browsers to validate code44.com.

I repeat: Hashes are for computers, not for people.

Plugging my own warez: I believe I've come up with a way to do DNSSEC
and DANE in combination with a certificate repository. It allows the
browser to validate the authenticity of a server certificate.

When validated it can be sure that the JavaScript found at a page is
indeed what the page author wanted. Please see:
http://eccentric-authentication.org/blog/2013/03/23/Cryptographic-same-origin-policy.html

And please ask if anything is unclear. I love to receive comments on
where I'm right or wrong.

Regards, Guido.
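
The hash comparison that DANE hands to the client instead of to a person, as an added example (not from the original post or from the eccentric-authentication project): it checks a certificate against a TLSA record using the selector and matching-type fields of RFC 6698. Assumptions: the record has already been DNSSEC-validated, the usage field is parsed but not evaluated, `sample_cert` builds a constructed stand-in rather than a real certificate, and all function names are illustrative.

```python
import hashlib, hmac

SEQ, INT, BITSTR, VERSION = 0x30, 0x02, 0x03, 0xA0   # DER tags used below

def tlv(tag, body):   # encode one DER element; sample bodies are under 128 bytes
    return bytes([tag, len(body)]) + body

def children(elem):
    """Return the raw child elements inside one DER constructed element."""
    def size(b):                     # (header length, total length) of b
        k = b[1] & 0x7F if b[1] & 0x80 else 0
        return 2 + k, 2 + k + (int.from_bytes(b[2:2 + k], "big") if k else b[1])
    head, total = size(elem)
    body, out = elem[head:total], []
    while body:
        n = size(body)[1]
        out.append(body[:n])
        body = body[n:]
    return out

def spki(cert_der):
    """Selector 1: the SubjectPublicKeyInfo element of the certificate."""
    fields = children(children(cert_der)[0])        # fields of tbsCertificate
    return fields[6] if fields[0][0] == VERSION else fields[5]

def tlsa_matches(rdata, cert_der):
    """Matching step for one TLSA record given as 'usage selector mtype hex'."""
    usage, selector, mtype, hexdata = rdata.split(None, 3)
    select = {"0": lambda c: c, "1": spki}          # full cert or public key
    digest = {"0": bytes, "1": lambda b: hashlib.sha256(b).digest(),
              "2": lambda b: hashlib.sha512(b).digest()}
    if selector not in select or mtype not in digest:
        raise ValueError("unsupported TLSA selector or matching type")
    got = digest[mtype](select[selector](cert_der))
    return hmac.compare_digest(got, bytes.fromhex("".join(hexdata.split())))

def sample_cert(key, serial):
    """Constructed stand-in with X.509's outer layout; not a valid certificate."""
    empty = tlv(SEQ, b"")
    key_info = tlv(SEQ, empty + tlv(BITSTR, b"\x00" + key))
    tbs = tlv(SEQ, tlv(VERSION, tlv(INT, b"\x02")) + tlv(INT, bytes([serial]))
              + empty * 4 + key_info)    # sigalg, issuer, validity, subject
    return tlv(SEQ, tbs + empty + tlv(BITSTR, b"\x00sig"))

def demo():
    old, renewed = sample_cert(b"K" * 32, 1), sample_cert(b"K" * 32, 2)
    pin_key = "3 1 1 " + hashlib.sha256(spki(old)).hexdigest()
    pin_cert = "3 0 1 " + hashlib.sha256(old).hexdigest()
    return (tlsa_matches(pin_key, old), tlsa_matches(pin_key, renewed),
            tlsa_matches(pin_cert, renewed))
```

`demo()` shows the operational difference between the two selectors: a record over the public key still matches after the certificate is reissued with the same key, while a record over the full certificate does not.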