[Cryptography] replacing the whole sodding lot
guido at witmond.nl
Wed May 6 02:02:41 EDT 2015
On 05/05/15 08:17, Tom Ritter wrote:
> On 4 May 2015 at 19:09, ianG <iang at iang.org> wrote:
>> One of the snarky predictions I made to the SSL/PKI/CA cabal when they
>> refused to respond to security issues was that at some point the whole lot
>> would be replaced. It took a while, but there are now some green shoots.
>> This is spectacularly good, and I will say that all of the nasty things I've
>> said about this company are forgiven. I'll still say them, but ALL is
> You can like QUIC as a TLS-replacement... but it doesn't change PKI.
> It's still rooted in CAs (modulo certificate pinning.)
There is no reason to assume there is *only one* way to set up a
We all know the flaws of the current setup, however, as I try to show
with Eccentric Authentication, that setup can be replaced with something
different! With different security properties.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: OpenPGP digital signature
More information about the cryptography