[tor-talk] x.509 for hidden services
- To: [email protected]
- Subject: [tor-talk] x.509 for hidden services
- From: [email protected] (James A. Donald)
- Date: Mon, 28 Oct 2013 10:07:17 +1000
- In-reply-to: <CAAS2fgRt1PV=_SZHDKrc5o2Z8OsDdSBLiKT1CwSOdVHRmdFnWA@mail.gmail.com>
- References: <CAAS2fgRt1PV=_SZHDKrc5o2Z8OsDdSBLiKT1CwSOdVHRmdFnWA@mail.gmail.com>
x.509 is intended to associate a non-human-readable public key with a
human-readable globally unique user name.

You hope to associate a reputation with that globally unique user name.
x.509 does not actually work, as the phishers routinely demonstrate.
People are used to logging into their bank, and getting slung from one
certificate to the next, none of the certificates having much
resemblance to the name of their bank.

Further, the process of getting and installing an x.509 public key is
too horrid for the ordinary end user to deal with.

Use Zooko's triangle. Associate reputation with a public key, and
present to the user not the public key, but the account of the owner of
that public key on the reputation server that curates the reputational
information.