Security by asking the drunk whether he's drunk
David Molnar
dmolnar at eecs.berkeley.edu
Sat Dec 27 15:39:44 EST 2008
Ben Laurie wrote:
>
> I can't find discussion of Perspectives - hint?
Service from a group at CMU that uses semi-trusted "notary" servers to
periodically probe a web site to see which public key it uses. The
notaries provide the list of keys used to you, so you can attempt to
detect things like a site that has a different key for you than
previously shown to all of the notaries. The idea is that to fool the
system, the adversary has to compromise all links between the target
site and the notaries all the time.
Paper, code, and Firefox extension:
http://www.cs.cmu.edu/~perspectives/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20081227/37f94aa8/attachment.pgp>
More information about the cryptography
mailing list