[cryptography] trustable self-signed certs in a P2P environment (freedombox)

Peter Eckersley pde-lists at eff.org
Wed Nov 30 15:05:29 EST 2011


Perspectives and Convergence are one effort to do this (what key do other
people see on this server?).  MonkeySphere is another (which humans in a web
of trust will vouch that this is the right key for this server?).

Perspectives/Convergence suffer from the problem that there is no way to tell
the difference between "the server was reinstalled and now has a new key" and
"the whole world sees an attack in progress".  The former is more common but
the second can also occur.

MonkeySphere has the problem that the web of trust has to be enormous before
it's likely that you can build a chain to the admins of all of the websites
you visit.

On Wed, Nov 30, 2011 at 01:30:03PM +0100, Eugen Leitl wrote:
> 
> I presume many here are aware of the Eben Moglen-started
> FreedomBox initiative, which sets out to build a Debian 
> distro for plug computers and similar which will package
> many existing tools for the end result of an end-user 
> owned and operated, anonymizing and censorship-resistant 
> infrastructure.
> 
> One of the problems I did not see well-addressed yet is
> infrastructure for a cert trust network, which uses social
> graph information (FreedomBox is supposed to package a P2P
> alternative to Facebook & Co) for cert fingerprint validation.
> 
> Is anyone aware of existing code which caches SSL cert
> fingerprints and alerts when one suddenly changes, informing
> of a potential MITM in progress?
> 
> Thanks.
> 
> -- 
> Eugen* Leitl http://leitl.org
> ______________________________________________________________
> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
> 8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

-- 
Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993
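
A sketch of the fingerprint cache asked about in the quoted message, combined with the notary-style comparison described in the reply. This is an added example, not code from the thread or from Perspectives, Convergence or FreedomBox; the class name, verdict strings, quorum value and host name are hypothetical, and notary observations are passed in by the caller rather than fetched over the network.

```python
import hashlib

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

class FingerprintCache:
    """Trust-on-first-use pin store that consults notary views on any change."""

    def __init__(self, quorum: float = 0.75):
        self.pins = {}        # host -> pinned fingerprint
        self.quorum = quorum  # assumed fraction of notaries that must match us

    def _notaries_agree(self, observed, views):
        return bool(views) and sum(v == observed for v in views) / len(views) >= self.quorum

    def check(self, host, observed, views):
        cached = self.pins.get(host)
        if observed == cached:
            return "unchanged"
        if not self._notaries_agree(observed, views):
            # Others see a different key than we do: the change is on our path.
            return "local-mismatch"
        if cached is None:
            self.pins[host] = observed
            return "first-use"
        # Everyone sees the new key. A reinstall and a world-wide attack look
        # identical here, so the old pin is kept until accept() is called.
        return "global-change"

    def accept(self, host, observed):
        """Re-pin after out-of-band confirmation (e.g. from the server admin)."""
        self.pins[host] = observed

# Constructed sample fingerprints; these are not real certificates.
OLD = fingerprint(b"constructed-cert-old")
NEW = fingerprint(b"constructed-cert-new")
EVIL = fingerprint(b"constructed-cert-attacker")

def demo():
    cache = FingerprintCache()
    host = "box.example"
    return [
        cache.check(host, OLD, [OLD] * 4),             # first contact, notaries agree
        cache.check(host, OLD, [OLD] * 4),             # same key as pinned
        cache.check(host, EVIL, [OLD] * 4),            # only we see the new key
        cache.check(host, NEW, [NEW, NEW, NEW, OLD]),  # the world sees the new key
    ]

if __name__ == "__main__":
    print(demo())
```

The "global-change" verdict is the case the reply calls indistinguishable from the outside, which is why the sketch leaves the old pin in place and defers to an explicit accept().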


