[Cryptography] HTTP should be deprecated.
Guido Witmond
guido at witmond.nl
Mon Nov 4 15:17:38 EST 2013
On 11/04/13 18:44, John Kelsey wrote:
> On Nov 4, 2013, at 10:50 AM, Greg <greg at kinostudios.com> wrote:
>
>> Could someone please forward this message to the Elders of the
>> Internet™?
>>
>> It's time to make encryption mandatory in all communication
>> protocols.
>
> Amen! [...]
>
> The sticking point here is key management, which is a big potential
> administrative pain in the ass. But it's worth wondering if we
> could at least get widespread use of Diffie-Hellman + GCM as a
> default. There is no key management there, and no defense against
> MIM attacks, but at least everything doesn't go out in the clear.
Key management should be automated to the point that the *end user*
doesn't see it anymore.
<plug>I've got the ideas how to do it in a very backwards compatible way
on the current internet. It requires a user agent at the client and some
server side software to generate certificates.
See http://eccentric-authentication.org</plug>
Now If I got some funding to make it a Firefox plug-in, it would also be
easy to install.
Regards, Guido.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131104/addb639c/attachment.pgp>
More information about the cryptography
mailing list