[cryptography] Why anon-DH is less damaging than current browser PKI (a rant in five paragraphs)
holz at net.in.tum.de
Sun Jan 6 08:29:46 EST 2013
>> Certificate Transparency is a real security measure that is a response by a
>> browser vendor.
> So the response to the repeated failure of browser PKI is PKI-me-harder.
> Yeah, that's really going to make users safer.
I don't see why CT is PKI-me-harder. EV or BR would fall into that
category. But why CT? It is a very useful monitoring tool, and has some
advantages over Sovereign Keys.
Network Architectures and Services
Technische Universität München
Phone +49 89 28918043
PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF
More information about the cryptography