[liberationtech] Feds put heat on Web firms for master encryption keys
Eugen Leitl
eugen at leitl.org
Thu Jul 25 04:12:51 PDT 2013

On Thu, Jul 25, 2013 at 11:22:25AM +0100, Nick wrote:
> On Thu, Jul 25, 2013 at 11:19:22AM +0200, Eugen Leitl wrote:
> > (See also https://en.wikipedia.org/wiki/Convergence_(SSL) )
>
> Would Convergence help here? I can't see how. If a government
> secretly acquired the SSL private keys for a site, and the site

The idea is to promote self-signed certs to first class citizens
(no more browser scary warnings and veritable UI parcours
for users to click through) which enables a more widespread
SSL use by removing interaction friction.

"Secretly" acquiring secrets is not scalable if involving
remote compromise or physical access to systems. In general
we cannot rely on integrity of central systems, and need
to move to a peer-to-peer model, where infrastructure is
owned and operated by geographically spread individuals
running diversified systems, group coercion or compromise of
which is statistically improbable.

> continued using them, then no convergence notary would know any
> cause not to vouch for the key.