[Freedombox-discuss] [cryptography] trustable self-signed certs in a P2P environment (freedombox)

Eugen Leitl eugen at leitl.org
Thu Dec 1 07:11:51 UTC 2011


----- Forwarded message from Trevor Perrin <trevp at trevp.net> -----

From: Trevor Perrin <trevp at trevp.net>
Date: Wed, 30 Nov 2011 12:26:38 -0800
To: Adam Back <adam at cypherspace.org>
Cc: cryptography at randombit.net
Subject: Re: [cryptography] trustable self-signed certs in a P2P environment
	(freedombox)

On Wed, Nov 30, 2011 at 12:11 PM, Adam Back <adam at cypherspace.org> wrote:
> It's rather common for people with load balancers and lots of servers serving
> the same domain to have multiple certs.

> On Wed, Nov 30, 2011 at 12:05:29PM -0800, Peter Eckersley wrote:
>> Perspectives/Convergence suffer from the problem that there is no way to
>> tell the difference between "the server was reinstalled and now has a new key"
>> and "the whole world sees an attack in progress".

There's a Convergence proposal to address the above issues, but it
requires some effort by the site:

https://github.com/moxie0/Convergence/wiki/TACK


Trevor
_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


