[cryptography] ssh-keys only and EKE for web too (Re: preventing protocol failings)
James A. Donald
jamesd at echeque.com
Sat Jul 16 02:50:47 EDT 2011
Peter Gutmann stated..
> > The person that I quoted in my message is effectively Mr.NSS. I'd say
> > his
> > statement is fairly authoritative
On 2011-07-16 4:16 AM, =JeffH wrote:
> my understanding is that that is no longer the case.
We have a massive crisis (phishing) which Eke can solve, and
certificates cannot solve.
We see absolutely zero interest in integrating eke from people who write
web server software and people who write browsers. Indeed, more
generally, we see very little interest in any cryptographic technology
that would cut into the business model of the CAs.
The replacement of one guy is unlikely to change this. What he said is
a manifestation of the problem, not the cause of the problem.
More information about the cryptography