Re: [tor-talk] Tor for everyone; introducing Eccentric Authentication

On 02/22/2016 04:03 PM, Guido Witmond wrote:

> If either the blogger or responder wishes to send a private message,
> they can use the other person's public key after validating there is no
> MitM. Message transport goes through the site. After a few round trips
> of messages, there is certainty there is no MitM.

The website http://eccentric-authentication.org/ says:
> With the use of DNSSEC and a validation service to check that each
> certificate is issued only once we can prevent Man-in-the-Middle
> attacks

Could you explain how you validate that there is no MitM, and why a few
round trips would make this certain?  Do we not have to trust the
validation service not to issue more than one certificate?  I.e., the
website or validation service can be the MitM.
