[cryptography] trustable self-signed certs in a P2P environment (freedombox)

Trevor Perrin trevp at trevp.net
Wed Nov 30 15:26:38 EST 2011


On Wed, Nov 30, 2011 at 12:11 PM, Adam Back <adam at cypherspace.org> wrote:
> It's rather common for people with load balancers and lots of servers serving
> the same domain to have multiple certs.

> On Wed, Nov 30, 2011 at 12:05:29PM -0800, Peter Eckersley wrote:
>> Perspectives/Convergence suffer from the problem that there is no way to
>> tell the difference between "the server was reinstalled and now has a new key"
>> and "the whole world sees an attack in progress".

There's a Convergence proposal to address the above issues, but it
requires some effort by the site:

https://github.com/moxie0/Convergence/wiki/TACK


Trevor


