[Cryptography] replacing the whole sodding lot
Tom Ritter
tom at ritter.vg
Tue May 5 02:17:55 EDT 2015
On 4 May 2015 at 19:09, ianG <iang at iang.org> wrote:
> One of the snarky predictions I made to the SSL/PKI/CA cabal when they
> refused to respond to security issues was that at some point the whole lot
> would be replaced. It took a while, but there are now some green shoots.
> This is spectacularly good, and I will say that all of the nasty things I've
> said about this company are forgiven. I'll still say them, but ALL is
> FORGIVEN:
You can like QUIC as a TLS-replacement... but it doesn't change PKI.
It's still rooted in CAs (modulo certificate pinning.)
http://src.chromium.org/viewvc/chrome/trunk/src/net/quic/crypto/proof_verifier_chromium.cc
https://docs.google.com/document/d/1g5nIXAIkN_Y-7XJW5K45IblHd_L2f5LTaDUDwvZ5L6g/edit?pli=1#
-tom
More information about the cryptography
mailing list