InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

New reflections on Perspectives and notaries ?

https://forums.informaction.com/viewtopic.php?t=19543

Page 1 of 1

New reflections on Perspectives and notaries ?

Posted: Sun Apr 13, 2014 1:03 am
by morganism
are we going to re-examine the notaries question now that SSL is seriously broken?

http://www.networknotary.org/firefox.html

I can't believe that the open ended string was in TLS !

There is also a 'reverse heartblood"

http://blog.meldium.com/home/2014/4/10/ ... heartbleed

and some history

https://blog.torproject.org/blog/detect ... -collusion

Re: New reflections on Perspectives and notaries ?

Posted: Mon Apr 14, 2014 3:28 am
by Thrawn
Actually TLS is in the process of being fixed.

And Perspectives wouldn't help very much against this, because even if you're using the correct certificate, someone who has stolen the private key can read your traffic on the wire, just like the true server can.

Re: New reflections on Perspectives and notaries ?

Posted: Thu Apr 24, 2014 2:45 pm
by dhouwn
An issue is that certificates can't be reliably revoked. Perspectives might help with that a bit?
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited