[Cryptography] Is it time for a revolution to replace TLS?

Tom Mitchell mitch at niftyegg.com
Tue May 13 21:59:37 EDT 2014


On Tue, May 13, 2014 at 1:01 PM, John Denker <jsd at av8n.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> This thread has generated a lot of good discussion.  In contrast,
> to my surprise, the recent thread on "forged SSL certificates" was
> only one message long.

I was wondering the same thing as I read the paper last night.
Then I wondered how many had marked it for further thought
as I had.

Two things come to mind:
 1) a trusted cache needs to exist for certificates.
     multiple caches in fact.
 2) DNS caches to help notice odd changes
     again multiple caches are needed.

I had no idea that it was so difficult to detect.

I do see a growing need for VPN services where
preshared keys are necessary to connect.   All
companies and organizations need to establish
policies and resources to protect their connections.
Sadly most have taken this as a permission and a
justified need to snoop on the wire and that is the single
largest risk in the pile simply because if you can snoop
others can.

-- 
  T o m    M i t c h e l l
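
An added example, not part of the original message: a minimal sketch of the "multiple caches" idea from points 1 and 2, comparing an observed certificate fingerprint or DNS answer with what several independent caches recorded. The cache names, the quorum rule, the verdict strings and all sample data are assumptions made for illustration.

```python
import hashlib
from collections import Counter

def cert_fingerprint(der_bytes: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der_bytes).hexdigest()

def dns_value(addresses) -> str:
    """Order-independent form of a DNS answer set."""
    return ",".join(sorted(addresses))

def cross_check(key, observed, caches, quorum=2):
    """Compare `observed` with what independent caches recorded for `key`.

    key is ("cert" | "dns", hostname); caches is {cache_name: {key: value}}.
    Returns (verdict, detail). A mismatch is a signal to investigate, not
    proof of forgery: key rotation and CDN answers also cause one.
    """
    votes = Counter(c[key] for c in caches.values() if key in c)
    if not votes:
        return "unknown", "no cache has seen this name"
    ranked = votes.most_common()
    top_value, top_count = ranked[0]
    tied = len(ranked) > 1 and ranked[1][1] == top_count
    if top_count < quorum or tied:
        return "inconclusive", f"caches do not agree ({len(ranked)} values seen)"
    if observed == top_value:
        return "match", f"{top_count} caches agree with the observation"
    return "mismatch", f"{top_count} caches recorded a different value"

# Constructed sample data: stand-in bytes, not real certificates; hypothetical cache names.
GOOD = cert_fingerprint(b"constructed-cert-A")
ODD = cert_fingerprint(b"constructed-cert-B")
CERT, DNS = ("cert", "www.example.com"), ("dns", "www.example.com")
CACHES = {
    "cache-1": {CERT: GOOD, DNS: dns_value(["192.0.2.10", "192.0.2.11"])},
    "cache-2": {CERT: GOOD, DNS: dns_value(["192.0.2.11", "192.0.2.10"])},
    "cache-3": {CERT: GOOD},
}

if __name__ == "__main__":
    for key, seen in [(CERT, GOOD), (CERT, ODD),
                      (DNS, dns_value(["198.51.100.7"]))]:
        print(key, cross_check(key, seen, CACHES))
```

A single cache gives no way to tell a compromised cache from a compromised connection, which is why the check requires a quorum and reports a split among caches separately from a mismatch.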

