On 24/02/16 22:10, Lachlan Gunn wrote:
> I mean in the sense that it's a lot easier for someone doing MITM to
> transparently rewrite the signatures in an email than it is to
> transparently detect that you are reading the verification code and then
> replace it with a synthesised version without b

> It's interesting you're using "biometric" as a qualifier implying something
> "good". I wouldn't agree.
I mean in the sense that it's a lot easier for someone doing MITM to
transparently rewrite the signatures in an email than it is to
transparently detect that you are reading the verification c

On 24/02/16 21:41, Lachlan Gunn wrote:
> The idea is to see whether we can make something with security between the
> WoT and "download a random key and see what happens" that doesn't require
> user intervention. Whether this would be too burdensome remains to be seen.
Thanks for the explanation.

> I haven't looked at the links yet, but what is your purpose? Do you want
> to detect rogue keyservers in the keyserver network, or perhaps attacks
> on keyservers?
Essentially I'm looking to see if it's possible to make a secure
directory service, for some definition of secure, even against
pers

I haven't looked at the links yet, but what is your purpose? Do you
want to detect rogue keyservers in the keyserver network, or perhaps
attacks on keyservers?
There is no need to trust keyservers in the Web of Trust, or even in
TOFU (as I assume in the latter you got a signed message from the

Hello,
Sorry to bring this thread back from the dead, but now that I have a
preprint out I can elaborate a bit more on my motivations for this
previous discussion.
I've spent a little bit of time investigating the use of Tor to create
an interactive protocol for auditing keyservers, the idea bein