Comment by mangeletti
11 years ago
One possible solution is a Bitcoin-like block chain of certificate proof, so that a website's certificate can be verified against the domain without a central authority.
That doesn't even remotely work. Who has the private keys to authorize the certificates?
What authorization is required in this scenario? I'm talking about a novel idea here, one that doesn't fit into the existing CA model. There would be no CA in this scenario; verification would be decentralized, based on shared information, not on knowledge of a secret.
I'm not sure web-of-trust can be considered a novel idea in 2014.
We can all look at the variety of web-of-trust methods to see how well that's taken off amongst internet users.
So, blockchain solutions do work, and here is how:
https://github.com/okTurtles/dnschain
You can replace all CAs with a single blockchain.
And we should do this, because this Let's Encrypt CA, while a great step forward, is still vulnerable to man-in-the-middle attacks, explained in this video:
https://vimeo.com/100433057