
CryptoSeal shutters, ala: LavaBit



On Mon, Oct 21, 2013 at 8:09 PM, Kyle Maxwell <[email protected]> wrote:
> ...
> So how do you propose that a provider perform SSL without keeping
> their private cert?


change it every day.  i know every CA i've used allows unlimited
re-issue once purchased.

every time you hand it over, change it.

enforce forward secrecy, allow no non-forward secret suites. this is critical.

problem solved..
 ...they will however treat this as contempt of court - the escalation
would be infinitely interesting!


fuck this bullshit, i can't convey my contempt for this practice
(private keys via pen/trap register order) enough...
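
An added example, not part of the original message: one way to audit the "allow no non-forward secret suites" rule on a server's TLS configuration using Python's `ssl` module. The cipher string, function names and sample suite list are assumptions made for illustration.

```python
import ssl

# OpenSSL suite-name prefixes whose key exchange is ephemeral Diffie-Hellman.
FS_PREFIXES = ("ECDHE-", "DHE-")


def is_forward_secret(cipher):
    """cipher: a dict shaped like one entry of SSLContext.get_ciphers()."""
    name = cipher["name"]
    # TLS 1.3 suites run an ephemeral (EC)DHE exchange on a full handshake.
    if cipher.get("protocol") == "TLSv1.3" or name.startswith("TLS_"):
        return True
    # TLS 1.2 and earlier: only DHE/ECDHE key exchange is forward secret.
    # Static RSA or PSK suites fall through and are rejected.
    return name.startswith(FS_PREFIXES)


def non_forward_secret(ctx):
    """Names of suites enabled on ctx that would let a disclosed
    private key decrypt previously recorded sessions."""
    return [c["name"] for c in ctx.get_ciphers() if not is_forward_secret(c)]


def hardened_server_context():
    """Server context restricted to ECDHE key exchange (assumed policy)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:!aNULL:!eNULL")
    return ctx


# Constructed sample: suite entries as a scanner might report them.
SAMPLE_SUITES = [
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2"},
    {"name": "DHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2"},
    {"name": "AES256-GCM-SHA384", "protocol": "TLSv1.2"},      # static RSA
    {"name": "PSK-AES128-CBC-SHA", "protocol": "SSLv3"},        # plain PSK
    {"name": "TLS_AES_128_GCM_SHA256", "protocol": "TLSv1.3"},
]


def audit(suites):
    """Map each suite name to True (forward secret) or False."""
    return {s["name"]: is_forward_secret(s) for s in suites}


if __name__ == "__main__":
    for name, ok in audit(SAMPLE_SUITES).items():
        print(f"{'ok  ' if ok else 'FAIL'} {name}")
    print("non-FS suites on hardened context:",
          non_forward_secret(hardened_server_context()))
```
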