[cryptography] ssh-keys only and EKE for web too (Re: preventing protocol failings)

James A. Donald jamesd at echeque.com
Sat Jul 16 02:50:47 EDT 2011


Peter Gutmann stated..
> > The person that I quoted in my message is effectively Mr.NSS. I'd say
> > his
> > statement is fairly authoritative

On 2011-07-16 4:16 AM, =JeffH wrote:
> my understanding is that that is no longer the case.

We have a massive crisis (phishing) which Eke can solve, and 
certificates cannot solve.

We see absolutely zero interest in integrating eke from people who write 
web server software and people who write browsers.  Indeed, more 
generally, we see very little interest in any cryptographic technology 
that would cut into the business model of the CAs.

The replacement of one guy is unlikely to change this.  What he said is 
a manifestation of the problem, not the cause of the problem.




More information about the cryptography mailing list