[HacktionLab] FYI: Free certificate authority

johnc johnc at aktivix.org
Fri Nov 21 14:14:00 UTC 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I've some sympathy with this point of view although there are currently
only a few usable alternatives. Moxie's social notary approach is
interesting but still possible to game by creating loads of fake
approvals of a bogus cert, (Cybil attack). The Monkeysphere approach
seems quite promising and there is a browser plugin for firefox also.

I stumbled across namecoin lately which attempts to do decentralised DNS
as well as providing a distributed way of storing the SHA1 fingerprint
of a self signed SSL certificate. It's a fork of bitcoin and everything
is stored in the blockchain. You can register new domains with the .bit
TLD. There is a firefox browser plugin.

See link below for more info.
http://www.freespeechme.org/how-to-register-dot-bit-domains/

I was thinking of seeing how easy it would be to configure other
applications to use this.

Cheers,
John


On 21/11/14 09:17, ekes wrote:
> On 21/11/14 10:06, Christian Wach wrote:
>> On 20 Nov 2014, at 19:52, Charlie Harvey <charlie at newint.org> wrote:
>>
>>> Saw this and thought of the hacktionlab:
>>> https://www.schneier.com/blog/archives/2014/11/a_new_free_ca.html
>>>
>>> "Announcing Let's Encrypt, a new free certificate authority. This is a
>>> joint project of EFF, Mozilla, Cisco, Akamai, and the University of
>>> Michigan."
>>
>> What do you think of this counter-argument?
>>
>> <https://www.linkedin.com/today/post/article/20141120073425-26662417-why-i-won-t-be-using-let-s-encrypt-and-recommend-other-not-to-also>
> 
> tl;dr X.509 is broken so we shouldn't dirty ourselves by lending it any
> more credence. To encourage people use it gives them a false sense of
> security.
> 
> Maximalist position that doesn't give people the, actually real, layer
> of protection they could get now; and working for an alternative doesn't
> negate getting more people to use the agreed standard at the moment.
> 
> ekes
> 
> 
> _______________________________________________
> HacktionLab mailing list
> HacktionLab at lists.aktivix.org
> https://lists.aktivix.org/mailman/listinfo/hacktionlab
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQIcBAEBAgAGBQJUb0ioAAoJELy1jPQ1KER7vlkP/iPAY7pNwEs/0Q8jlLnVG+6W
3IDX1H3Enfn3m8jDdfz9l8as3WJMOw3qEH60ALhNOMwiSmaIUuuQBh/sjGFx7bqf
A6966KwKrV2uJpKxHjgEae2Kof/+h7jC/YD0/+WHM4ygq4C8aD5oRI1MKZQORS8D
edCS0l0q1MYy2yMski8OeqCC5JpxwSVPZwH/ZOA7sdpjRe2xNHuo0tQUMW6ADEsp
FN2vSnOShXOnsbjA1dHgrwSkow0GsNIZcOtUtJBtc0tX8Yi19cP1yzjzN0KSzTaT
tt51MiDVgHql2ETutrG/Z1jPdCIA0thDXNaOoZRD1UzgR3L9kBu4lLGFXDYZUlAA
yfubevadZKM0bSMj3iygUllGqYrEWbG9dM/1SWptYKOT0c02RpB7OOMCzsDqvh8m
23n2vjSLydrneyE5yQXKIKFHCwy4dNsQ8As2GRyHUqlH8RpY5/YEWcZ3tupAoQOi
xpcR4JTWGfrqV1ywhTrMXLzQI8jHYpofj8NzfdbrYkW8LQSGsKN/ZyVnSsNR1k3j
PfIoGwcZAQb4kBkSgjy8+rn/JtxMSS9/tjV5lTtICTUJtTtRZAzbc5joOJwuwlaT
suU5nRG/AmoN7oc8kskTFeowKF2QDzv9xB4P1gh1bCCGAnw1UmICIt+kjITphUPo
WHJCmFbj8u6xXoKQW9CV
=nkk6
-----END PGP SIGNATURE-----

More information about the HacktionLab mailing list