[liberationtech] Feds put heat on Web firms for master encryption keys

David Edmondson dme at dme.org
Thu Jul 25 05:17:52 PDT 2013


On Thu, Jul 25 2013, Eugen Leitl wrote:
> On Thu, Jul 25, 2013 at 11:22:25AM +0100, Nick wrote:
>> On Thu, Jul 25, 2013 at 11:19:22AM +0200, Eugen Leitl wrote:
>> > (See also https://en.wikipedia.org/wiki/Convergence_(SSL) )
>> 
>> Would Convergence help here? I can't see how. If a government
>> secretly acquired the SSL private keys for a site, and the site
>
> The idea is to promote self-signed certs to first class citizens
> (no more browser scary warnings and veritable UI parcours
> for users to click through) which enables a more widespread 
> SSL use by removing interaction friction.  
>
> "Secretly" acquiring secrets is not scalable if involving 
> remote compromise or physical access to systems. In general
> we cannot rely on integrity of central systems, and need
> to move to a peer-to-peer model, where infrastructure is
> owned and operated by geographically spread individuals
> running diversified systems, group coercion or compromise of 
> which is statistically improbable.

So in the long term the plan is to invert the current warnings? ("This
site is certified by a central authority, and hence untrustworthy. Do
you wish to continue?")

