and not a single Tor hacker was surprised...

Guido Witmond guido at witmond.nl
Sun Jan 26 09:44:58 PST 2014


On 01/25/14 20:09, coderman wrote:
> On Sat, Jan 25, 2014 at 7:53 AM, Guido Witmond <guido at witmond.nl>
> wrote:
>> ... Client certificates are part of my answer to MitM attacks.
>> 
>> The other part is to forget about third-party CA's.
> 
> my heart a twitter already!
> 
> (these are the key points, and you hit them first.)

Lurking on several cryptography mailing lists gave me some hints :-)



>> See http://eccentric-authentication.org/ to read more.
>> 
>> I'd love to hear comments.
> 
> i've come across this on other lists, and will one day provide a 
> better response.  my initial feedback relates to:
> 
> - supported suites.  NULL encryption is still a valid TLS mode!

1st. Although NULL encryption is a problem, I expect that most
crypto-toolkit developers will disable these in their default
configuration. From there it will bubble up the stack into the
distributions. That's a lesson that NSA has taught us: make defaults safe!


2nd. There is nothing in eccentric authentication that specifies one
branch of public key mathematics over another. I deliberately leave the
choice of either RSA, EC, or others out. As I'm not a cryptographer, I
can't make that decision. I do specify what I expect the protocol needs
to accomplish. It's up to the experts to match the appropriate parts. My
prototype used RSA/TLS/DNSSEC.


> 
> - end-point security (each site acting as a CA is like every bitcoin 
> user acting as a bank. you've elevated the threat model on the 
> unsuspecting.)

Not really. Each site signs only for itself. There is no need to trust
anything other than your own systems (or the hoster who does the work for
you). That trust level is already needed for every current web site.

In fact, with a proper setup, the Root certificate's private key for the
site does not live on the server; for signing, it uses a subRoot.

Now when the site gets hacked, the hackers can create more accounts for
themselves or invalidate other people's accounts. But the attackers can
never impersonate any of the site's user accounts at other sites, as
these use their own signing key. I believe it is safer than hashing
passwords.

The more worrisome part is the end-users' computers. The POSIX model is
not designed to protect users against themselves, although every user
expects that to be the case. Things like microkernels, Capsicum,
Qubes-OS, Genode, POLA, and least-authority designs are in DIRE need.

> 
> - Namecoin and other decentralized alternatives to DNSSEC.
> 

DNSSEC might be just as difficult as IPsec, or its private key might
have already been leaked to NSA due to compromised hardware. We need to
have alternatives.

The eccentric protocol can use other globally unique naming schemes. The
requirements are: easy and cheap enough so every website can get a
unique and human-memorizable name. Namecoin might fit the
requirements, or GNS (GNUnet).


I hope this sparks some curiosity.

With regards, Guido.
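The setup described in the reply above (each site acting as the CA for its own
client certificates, the root key kept off the web server, a subRoot doing the
day-to-day signing, and other sites unable to accept those certificates because
they trust only their own root) can be reproduced with plain openssl commands.
What follows is an added example, not code from this post or from the
eccentric-authentication project. It assumes the openssl command-line tool
(1.1.1 or 3.x) is installed; the site names, user names and certificate
extension profiles are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the post or the eccentric-authentication project):
# one web site acting as the CA for its own client certificates. The root
# key is meant to stay off the web server; only the sub-root key lives
# there and signs user certificates. Requires the openssl CLI (1.1.1 or 3.x).
# Site and user names below are made up.
set -eu

WORK=$(mktemp -d)
cd "$WORK"

# Extension profiles for the three certificate types (my own choice of
# profile; the post does not prescribe one).
cat > ext.cnf <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ v3_root ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_sub ]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
[ v3_client ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
authorityKeyIdentifier = keyid
EOF

# Create a site's root (to be kept offline) and the online sub-root it signs.
gen_site_ca() {
  site=$1
  openssl req -x509 -config ext.cnf -extensions v3_root -sha256 -days 3650 \
    -newkey rsa:2048 -nodes -keyout "$site.root.key" -out "$site.root.crt" \
    -subj "/CN=$site Root CA" >/dev/null 2>&1
  openssl req -new -config ext.cnf -sha256 -newkey rsa:2048 -nodes \
    -keyout "$site.sub.key" -out "$site.sub.csr" \
    -subj "/CN=$site SubRoot CA" >/dev/null 2>&1
  openssl x509 -req -sha256 -days 365 -in "$site.sub.csr" \
    -CA "$site.root.crt" -CAkey "$site.root.key" -CAcreateserial \
    -extfile ext.cnf -extensions v3_sub -out "$site.sub.crt" >/dev/null 2>&1
}

# Issue a client certificate for a user at a site; only the sub-root key
# is needed, so this is the step that can run on the web server.
issue_client_cert() {
  site=$1; user=$2
  openssl req -new -config ext.cnf -sha256 -newkey rsa:2048 -nodes \
    -keyout "$user@$site.key" -out "$user@$site.csr" \
    -subj "/CN=$user@$site" >/dev/null 2>&1
  openssl x509 -req -sha256 -days 365 -in "$user@$site.csr" \
    -CA "$site.sub.crt" -CAkey "$site.sub.key" -CAcreateserial \
    -extfile ext.cnf -extensions v3_client -out "$user@$site.crt" >/dev/null 2>&1
}

# What a site does at TLS client-auth time: accept a certificate only if it
# chains to this site's own root through its sub-root. Returns 0 on success.
verify_client() {
  site=$1; cert=$2
  openssl verify -CAfile "$site.root.crt" -untrusted "$site.sub.crt" \
    -purpose sslclient "$cert" >/dev/null 2>&1
}

demo() {
  gen_site_ca site-a.example
  gen_site_ca site-b.example
  issue_client_cert site-a.example alice
  if verify_client site-a.example "alice@site-a.example.crt"; then
    echo "site-a accepts alice@site-a.example"
  fi
  if verify_client site-b.example "alice@site-a.example.crt"; then
    echo "site-b accepts alice@site-a.example (should not happen)"
  else
    echo "site-b rejects alice@site-a.example: it chains to site-a's root, not site-b's"
  fi
}

demo
```

Run as-is, it prints that site-a accepts alice's certificate and site-b rejects
it. The split between root and sub-root is what limits the damage of a server
compromise in the scenario above: an attacker who takes the server gets the
sub-root key and can mint or refuse accounts at that one site, but nothing they
sign chains to any other site's root, and replacing the leaked sub-root is done
with the root key that never touched the server.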



More information about the cypherpunks mailing list