BlackHat USA 2011: SSL And The Future Of Authenticity
Top Comments
All Comments (49)
-
The whole concept of "perspectives" is great! The problem is not that there's no ideas about securing the internet, but the businesses are the ones who make this difficult for their own advantage. User is initiating the trust with authorities that they trust, this means that they can change their mind making companies care about improving security.
-
@Clayne151 I would imagine, given the limited number of notaries at the moment, that convergence bootstraps with inbuilt certificates for those notaries.
-
@robzyboy Um, if you're saying "What is all the notaries see a bad certificate?", yes, that's bad. But that's not far from the site being compromised, or at least entirely 'masked' by an attacker. A notary that checked against the CA system would solve that case, and give you a smart hybrid, as in the last few slides. 'Easy'.
-
The addon is not signed by FF; its not available from the FF repo; the convergence.io site doesn't have a cert not even self signed; There is no md5 sum for the addon ... how do i download his FF addon securely??
-
Is there something that stops (for example) my access-provider to simply MITM all the connections to the notarys + the website?
It seems the authenticity of the notaries also need to be verified, but how?
-
this seems like it might be a good intermediate step before it becomes completely distributed. as for example Namecoin. this is basically a distributed DNS server with certificates included. in order to circumvent this system you have to have the majority of computing power. i think this is the future. if not Namecoin exactly then some variant of it. but before we are ready for this Convergence definitely seems like an improvement.
-
greatest intro ever. haven't even gotten to the actual talk.
-
pure revelation! EFF is also on the whole SSL alterantive! googleit
-
This should be required for anyone who has ever installed an SSL cert.
-
Great talk Moxie. Thanks for writing the Convergence system and taking the time to educate so many people.
Please people, listen to this genius !
jeroeniskoning 5 months ago 11
What if the MITM is on the same network as the website you're trying to verify?
robzyboy 4 months ago 5