2014-07-07 12:13 GMT-08:00 Andrea Zwirner <and...@linkspirit.org>: > Can you proof it? > > Or maybe, you can tell the list what the attached image - that is > encrypted with Moritz Muehlenhoff's and Florian Weimer's public keys - > represent? > > Cheers (and thanks Mr. Moritz and Mr. Florian - who were the only I had > in my keyring - to accept being the judges of the challenge). :-) >
I am very new with crypto, but I do not think he will be able to prove it with cryptography such as is used in modern browsers, maybe in ECB mode as described here: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic%20codebook%20%28ECB%29 HTTPs hardly solves any problem with state-level monitoring, I don't think, after all, CAs can be compelled to produce certs, or even compromised (e.g. http://googleonlinesecurity.blogspot.co.nz/2014/07/maintaining-digital-certificate-security.html ) Implementing cert pinning OTOH, that might be better.
