[Cryptography] Certificates and PKI

Paul Wouters paul at cypherpunks.ca
Sat Dec 27 12:25:24 EST 2014

On Fri, 26 Dec 2014, Tony Arcieri wrote:

> I was a fan of opportunistic encryption for awhile, but after seeing this, it started to seem pretty silly to me:
> https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks
> So FUD about CAs aside, without some form of authentication, ISPs (or anyone with a privileged network position) can and *are*
> automatically and trivially stripping opportunistic encryption, rendering it effectively useless.

You are confusing "opoprtunistic encryption" with "anonymous
encryption". If it is opportunistic, it does not mean that there was no
authentication. It just means it was not a pre-configured trust.

And regardless, encrypting the plaintext is not worse even in the
absense of authentication, as long as you don't mislead the enduser
about the security status.


More information about the cryptography mailing list