[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] TOR bundle on hostile platforms: why?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] TOR bundle on hostile platforms: why?
From: Guido Witmond <guido@xxxxxxxxxx>
Date: Thu, 08 Aug 2013 10:41:33 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 08 Aug 2013 04:56:46 -0400
In-reply-to: <5202CACF.6060105@xxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <52028230.1000302@xxxxxxxxxxxx> <20130807183212.GC543@loar> <52029ACC.6090204@xxxxxxxxxxxx> <5202B3D0.6050806@xxxxxxx> <5202B9A7.7070408@xxxxxxxxxxxx> <5202CACF.6060105@xxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130704 Icedove/17.0.7

On 08-08-13 00:31, z0rc wrote:
> Have you heard of this?
> 
> http://www.zdnet.com/nsa-spying-trust-the-pki-or-its-anarchy-on-the-internet-7000018946/

Quoting from the article:

> No, your choices are to trust all those big, bad corporations or 
> anarchy. I don't think that's hyperbole; an Internet without a CA
> system today would be anarchy. Nobody could perform any sensitive
> operations like banking and you'd be nuts even to do email on it. So >
just accept that you have to trust Microsoft and Symantec and, for
> what it's worth, the NSA.

That's what I'm trying to address with my protocol. [0]

I've come up with a way that lets each web site run its *own*
certificate signer. It signs the server certficate and puts that into
DNSSEC with DANE. This removes the need for trusted third parties.

That same certificate signer also signs client certificates. The client
certificate is the *account* at the site.

As the web browser can validate the server certificate at connect time,
it can check that the server certificate root matches with the client
certificate root. Only if they match, the browser will log in.

No need to trust anyone. Verification is at the heart of the protocol.
In fact, users won't see the crypto at all.[1]

The proof of concept is in a web proxy and you test it at [2]

Guido.

[0]
http://eccentric-authentication.org/eccentric-authentication/five-minute-overview.html
[1]
http://eccentric-authentication.org/eccentric-authentication/design-goals.html
[2] http://eccentric-authentication.org/blog/2013/06/07/run-it-yourself.html
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] TOR bundle on hostile platforms: why?
  - From: Ivan Zaigralin
- Re: [tor-talk] TOR bundle on hostile platforms: why?
  - From: Lunar
- Re: [tor-talk] TOR bundle on hostile platforms: why?
  - From: Ivan Zaigralin
- Re: [tor-talk] TOR bundle on hostile platforms: why?
  - From: Antispam 06
- Re: [tor-talk] TOR bundle on hostile platforms: why?
  - From: Ivan Zaigralin
- Re: [tor-talk] TOR bundle on hostile platforms: why?
  - From: z0rc

Prev by Author: Re: [tor-talk] Many more Tor users in the past week?
Next by Author: [tor-talk] Tor User Groups
Previous by thread: Re: [tor-talk] TOR bundle on hostile platforms: why?
Next by thread: Re: [tor-talk] TOR bundle on hostile platforms: why?
Index(es):
- Author
- Thread