[Freedombox-discuss] Man-in-the-middle detection for SSL/TLS

Bob Mottram bob at robotics.uk.to
Wed Jun 15 16:50:28 UTC 2016

On Wed, Jun 15, 2016 at 12:26:53PM -0400, Sandy Harris wrote:
>This looks like a good thing to add to the Box, though there are other
>attempts to solve the same problem & for all I know one of them might
>be better, or we might need more than one.
>Certainly we need to do something about certificate problems. Security
>is a central goal for the Box and TLS with the default certification
>infrastructure is not even close.

That kind of monitoring system might be of interest, but if security is
a prime concern then just use onion addresses and you can then drop the
dubious CA system entirely. The only issue there would be that boxes
would not be visible except with a Tor browser or other browser proxied
through Tor.

Another more radical approach might be to make FreedomBox just a
convenient way of running an always active ZeroNet node, which can then
provide various distributed and encrypted services such as blog, email,
wiki, forums, etc. I know that wouldn't fit with being a Debian pure
blend though. ZeroNet can also be routed through Tor.
