[Cryptography] "Trust in digital certificate ecosystem eroding"

Sampo Syreeni decoy at iki.fi
Mon May 4 20:11:07 EDT 2015

On 2015-05-04, Guido Witmond wrote:

>> The local dictators could mandate that every computer and every phone 
>> ships with their very own version of ICANN root's key, enabling the 
>> Great Firewall of Notrustistan to spoof TLSA records and then MITM 
>> the TLS connections...
> If someone has control over your endpoint, it's game over.

Or in otherwords, there's no solution to the problem of preemptive 
rubberhosing of the entire population. That's a game you can't win even 
in principle, so the only sane move is not to play.
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-40-3255353, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2

More information about the cryptography mailing list