Re: end of useable crypto in browsers?

[Reindl Harald <h.reindl () thelounge net>]

Am 14.04.2016 um 00:54 schrieb Sebastian:
> > The browser developers have just decided that the trust relationship
> > architecture of the virtual world will be driven by the copyright
> > dinosaurs  from now on, by pulling off platform support from under those
> > who were experimenting with building meaningful trust models with the
> > admittedly few tools we already had.
> > [...]
> > The sociological and political fabric of society fundamentally depends
> > on our communication abilities. The future of our communication
> > abilities in turn depends on the communication platforms and the trust
> > relation models they support.
>
> That's true. But the keygen element is flawed by the known-broken CA
> system(*) and you can't build a secure house on a broken foundation. You
> could check whether the certificate for your site is issued by your CA,
> but if the can issue certificates they could simply attack your browsers
> updater. Our only hope for truly secure communication are tools like pgp
> combined with anonymity through for example TOR or freenet (not the ISP)

how do you come to the conclusion that you need any 3rd party CA for a 
client certificate which you accept on your server?

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/