[Cryptography] "Trust in digital certificate ecosystem eroding"
Sampo Syreeni
decoy at iki.fi
Mon May 4 20:11:07 EDT 2015
On 2015-05-04, Guido Witmond wrote:
>> The local dictators could mandate that every computer and every phone
>> ships with their very own version of ICANN root's key, enabling the
>> Great Firewall of Notrustistan to spoof TLSA records and then MITM
>> the TLS connections...
>
> If someone has control over your endpoint, it's game over.
Or in otherwords, there's no solution to the problem of preemptive
rubberhosing of the entire population. That's a game you can't win even
in principle, so the only sane move is not to play.
--
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-40-3255353, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
More information about the cryptography
mailing list