[Cryptography] Layering Web Encryption?
Chris Tonkinson
chris at tonkinson.com
Thu Feb 26 13:38:42 EST 2015
On 02/25/2015 04:14 PM, Natanael wrote:
> Den 25 feb 2015 20:18 skrev "Chris Tonkinson" <chris at tonkinson.com
> <mailto:chris at tonkinson.com>>:
> Yes you could, but in every place I can think of where you could add
> functional support for an encryption layer on top of TLS would be better
> served by dropping TLS and using the second encryption scheme alone.
You're right, and thinking further down that road, such a system would
obviate PFS anyway - if I've learned correctly, PFS was designed simply
to separate the keys used for authentication from the keys used for
message encryption such that a compromise of the former would not
directly endanger the latter. Handing responsibility of key management
(for encryption purposes) to the client means that encryption key
compromises are necessarily per-user.
Such a scheme would have rendered the Lavabit NSL drama effectively
moot, as an example. No longer would encryption key requests for a
single user or small group of users of some service necessitate security
become broken for other "unaffected" users of said service.
Someone pointed me towards RFC 6091 but my read of it would only allow
OpenPGP keys /instead/ of X.509 - it does not appear to shift the
encryption private key to the client.
Assuming this is even a desirable pipe dream to have - am I wrong that
it would, on the whole, improve the robustness of encryption for
services over the current PKI model?
--
Chris Tonkinson
http://chris.tonkinson.com/
610.425.7807
"Lead, follow, or get out of the way."
-Thomas Paine
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150226/4e04e7f2/attachment.sig>
More information about the cryptography
mailing list