[Cryptography] The next generation secure email solution

Ralf Senderek crypto at senderek.ie
Tue Dec 17 15:35:02 EST 2013


Guido Witmond wrote:

> For email replacement you need to validate that there is no man in the
> middle. The user agent cannot do that alone. It needs a global list of
> certificates signed by each site. I call that the 'Global Registry of
> Dishonesty' as it will show any attempts at a MitM.

Doesn't that open the door for a DoS attack? By which means does the site
that maintains this list decide which certificates are valid and which are
not? Are we relying on a global PKI for this? The benefit of your proposal
was that two relatively inexperienced users are able to perform the
initial steps of a trusted crypto relationship without having to trust
another third party except the one that issues them certificates. The MITM
check will expand this model into something I cannot clearly define at
the moment, but which seems to lead back to the (broken) system.

            --ralf

