Re: [IAB] Mandatory encryption as part of HTTP2

ietf

Re: [IAB] Mandatory encryption as part of HTTP2

2013-11-17 16:43:53

Hannes Tschofenig wrote:

I know that it is very popular to bash the PKI system but there are
security differences between an anonymous DH and PKI deployment that
provides server-side authentication.


Assuming active MITM attacks both on ISP chains and CA chains,
what, do you think, are the differences?

A concrete example is especially welcome.

Note that we, none US citizens, must expect such attacks, because
active MITM attacks of NSA on people without US citizenship are,
under US legislation, even legal.

And: Keep in mind that we have various activities in the IETF ongoing
that help to improve the security of the PKI.


As PKI is fundamentally insecure against active attacks, there is
no point of improving it.

I do realize stupidity level of IETF, especially on DNSSEC.

                                                Masataka Ohta

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Number of CAs (was: Mandatory encryption as part of HTTP2), (continued) Re: Number of CAs (was: Mandatory encryption as part of HTTP2), SM Re: Number of CAs (was: Mandatory encryption as part of HTTP2), Yoav Nir Re: Number of CAs (was: Mandatory encryption as part of HTTP2), Phillip Hallam-Baker Re: Number of CAs (was: Mandatory encryption as part of HTTP2), Paul Hoffman Re: Number of CAs, Masataka Ohta Re: Number of CAs, Phillip Hallam-Baker Re: Number of CAs (was: Mandatory encryption as part of HTTP2), mutek Re: Number of CAs (was: Mandatory encryption as part of HTTP2), Phillip Hallam-Baker Re: [IAB] Mandatory encryption as part of HTTP2, Masataka Ohta Re: [IAB] Mandatory encryption as part of HTTP2, Hannes Tschofenig Re: [IAB] Mandatory encryption as part of HTTP2, Masataka Ohta <= Re: [IAB] Mandatory encryption as part of HTTP2, Hannes Tschofenig Re: [IAB] Mandatory encryption as part of HTTP2, Masataka Ohta Re: [IAB] Mandatory encryption as part of HTTP2, Phillip Hallam-Baker Re: [IAB] Mandatory encryption as part of HTTP2, Theodore Ts'o Re: [IAB] Mandatory encryption as part of HTTP2, Phillip Hallam-Baker Re: [IAB] Mandatory encryption as part of HTTP2, Yoav Nir Re: [IAB] Mandatory encryption as part of HTTP2, Masataka Ohta Re: [IAB] Mandatory encryption as part of HTTP2, Masataka Ohta Re: [IAB] Mandatory encryption as part of HTTP2, SM Re: [IAB] Mandatory encryption as part of HTTP2, Phillip Hallam-Baker

Previous by Date:	Re: Number of CAs, Masataka Ohta
Next by Date:	Re: [IAB] Mandatory encryption as part of HTTP2, Hannes Tschofenig
Previous by Thread:	Re: [IAB] Mandatory encryption as part of HTTP2, Hannes Tschofenig
Next by Thread:	Re: [IAB] Mandatory encryption as part of HTTP2, Hannes Tschofenig
Indexes:	[Date] [Thread] [Top] [All Lists]