[Cryptography] Anonymous rendezvous (was Business opportunities in crypto)

Dave Howe davehowe.pentesting at gmail.com
Thu May 6 07:07:47 EDT 2021


On 05/05/2021 17:04, Jerry Leichter wrote:
>> If you buy physical stuff on the basis of NewEgg reviews, you will
>> make pretty good buys.
>>
>> NewEgg has meta reputation for good curation of reviews, and reviews
>> on NewEgg have reputation by being on NewEgg.
> So NewEgg is a trusted third party:  I believe the reviews because
> NewEgg curates them, and I believe that NewEgg does a good (and,
> importantly) honest job.  OK.
Which seems reasonable; one of the nice things about personas that
aren't linked to your real identity is that they can STILL gain a
reputation, and this is where things like PGP signatures can come in
handy, to make fake comments attributed to your persona easier to detect.

>> What curation do CAs do? Having CA authorities in the middle does not
>> make the connection to the real world
>> better, it makes it worse.
> If you ask them, they check that someone claiming to be newegg.com
> really *is* newegg.com.  Oh,
> they let a whole bunch of fakers through - and of course they accept
> zero liability when you rely on them?  You shouldn't trust just
> ordinary certs - you should look for those special EV certs for which
> they charge a whole bunch extra - and still accept no liability.  (Is
> anyone really still buying EV certs?  It occurs to me that I haven't
> seen the green outline in quite some time.)

I think the browsers stopped bothering to highlight it, because for good
reasons, nobody cares. All an EV shows is that you spent more money on
the cert; it doesn't make it any more secure.
