Reply to post: Re: Not https as it is right now

Finally, Mozilla looks at moving away from 'insecure' HTTP. Maybe

DrXym

Re: Not https as it is right now

"What about government MITM using the actual key, which they can co-opt? They can flood a web of trust and spoof any lighthouse sites, too."

With far greater difficulty. If I sign a key with one CA they just have to subvert that CA to spoof my cert. If my key is signed with multiple CAs, or with other sites then they have to subvert all those sites.

If they don't then my browser will complain the key looks different from the last time. Or it will complain that it looks different to the one on the lighthouse. Someone will notice.

It'd probably be best if the lighthouses were federated and there were many to choose from across geographic boundaries. Even unsigned keys would benefit from fingerprint checks and it could offer a measure of protection from MITM attacks.

Nothing is perfect of course so it would be vital to go through every use case and attack angle - key creation, issuance, expiration, fingerprinting, signing, verification, revocation etc.
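The checks described in the comment above (compare the key with the one seen last time, then with what several independent lighthouses report), as an added example that is not part of the original post. The lighthouse names, the quorum rule and the verdict labels are assumptions, and the certificate bytes are constructed sample data.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of the certificate bytes the server presented."""
    return hashlib.sha256(cert_der).hexdigest()

def check_key(host, cert_der, pins, lighthouse_views, quorum=2):
    """Return (verdict, reasons); verdict is 'ok', 'changed' or 'suspect'.

    pins: host -> fingerprint stored on an earlier visit (mutated on 'ok').
    lighthouse_views: lighthouse name -> fingerprint it sees, None if no answer.
    """
    seen = fingerprint(cert_der)
    answers = {n: fp for n, fp in lighthouse_views.items() if fp is not None}
    agree = [n for n, fp in answers.items() if fp == seen]
    differ = sorted(n for n, fp in answers.items() if fp != seen)
    reasons = []
    if differ:
        # Our network path shows a key the rest of the world does not see.
        reasons.append("lighthouses see a different key: " + ", ".join(differ))
    if len(agree) < quorum:
        reasons.append(f"only {len(agree)} lighthouse(s) confirm this key, need {quorum}")
    if reasons:
        return "suspect", reasons
    pinned = pins.get(host)
    if pinned is not None and pinned != seen:
        # Every lighthouse agrees with us, so this looks like a rotation,
        # but the change from last time is still surfaced to the user.
        return "changed", ["key differs from the one seen last time"]
    pins[host] = seen  # first visit or unchanged key: remember it
    return "ok", reasons

# Constructed sample data: stand-ins for DER bytes, hypothetical lighthouses.
CERT_A = b"constructed certificate A"
CERT_B = b"constructed certificate B (substituted)"
HOST = "shop.example"

def views(cert):
    """Three hypothetical federated lighthouses that all report the same key."""
    return {n: fingerprint(cert) for n in ("lh-eu.example", "lh-us.example", "lh-ap.example")}

if __name__ == "__main__":
    pins = {}
    print(check_key(HOST, CERT_A, pins, views(CERT_A)))  # first visit
    print(check_key(HOST, CERT_B, pins, views(CERT_A)))  # substituted on our path
    print(check_key(HOST, CERT_B, pins, views(CERT_B)))  # key changed everywhere
```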
