[Cryptography] Moving forward on improving HTTP's security

Phillip Hallam-Baker hallam at gmail.com
Thu Nov 14 20:04:20 EST 2013


On Thu, Nov 14, 2013 at 2:50 PM, Tony Arcieri <bascule at gmail.com> wrote:

> On Wed, Nov 13, 2013 at 9:46 PM, Greg <greg at kinostudios.com> wrote:
>>
>> The basics would be to not use the CAs. Working on rest of details,
>> they're mostly finished, just gotta make 'em nice 'n pretty. And some code
>> would be good, too.
>>
>
> And what of other solutions like CT or Tack?
>
> Given Google's power to influence change via Chrome and its share of the
> browser market, I think we'll see CT as the primary solution for what
> ails the existing PKI.
>

How does CT prevent coding errors in browsers? In Adobe Flash?

How does CT prevent network managers losing their keys or exporting the
private component and sending it to someone as an attachment?

How does CT shut down a party that legitimately obtains a certificate and
then acts maliciously?


There are many issues with the Web PKI. The biggest one is actually the
fact that most of the browsers make reducing connection latency a higher
priority than processing certificate revocation properly.


-- 
Website: http://hallambaker.com/