[Cryptography] replacing the whole sodding lot
Guido Witmond
guido at witmond.nl
Wed May 6 02:02:41 EDT 2015
On 05/05/15 08:17, Tom Ritter wrote:
> On 4 May 2015 at 19:09, ianG <iang at iang.org> wrote:
>> One of the snarky predictions I made to the SSL/PKI/CA cabal when they
>> refused to respond to security issues was that at some point the whole lot
>> would be replaced. It took a while, but there are now some green shoots.
>> This is spectacularly good, and I will say that all of the nasty things I've
>> said about this company are forgiven. I'll still say them, but ALL is
>> FORGIVEN:
>
> You can like QUIC as a TLS-replacement... but it doesn't change PKI.
> It's still rooted in CAs (modulo certificate pinning.)
There is no reason to assume there is *only one* way to set up a
CA-infrastructure.
We all know the flaws of the current setup, however, as I try to show
with Eccentric Authentication, that setup can be replaced with something
different! With different security properties.
Regards, Guido.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150506/5aef089e/attachment.sig>
More information about the cryptography
mailing list