[cryptography] Why anon-DH is less damaging than current browser PKI (a rant in five paragraphs)

Ralph Holz holz at net.in.tum.de
Sun Jan 6 08:29:46 EST 2013


>> Certificate Transparency is a real security measure that is a response by a
>> browser vendor.
> 
> So the response to the repeated failure of browser PKI is PKI-me-harder.  
> Yeah, that's really going to make users safer.

I don't see why CT is PKI-me-harder. EV or BR would fall into that
category. But why CT? It is a very useful monitoring tool, and has some
advantages over Sovereign Keys.

Ralph

-- 
Ralph Holz
Network Architectures and Services
Technische Universität München
Phone +49 89 28918043
http://www.net.in.tum.de/de/mitarbeiter/holz/
PGP: A805 D19C E23E 6BBB E0C4  86DC 520E 0C83 69B0 03EF


