Comment by itistoday2
11 years ago
Kudos to the EFF for making an easy-to-use tool to generate TLS certs!
Kudos also for creating the second CA to issue free certificates (the first being StartSSL).
The next step needs to be to man-in-the-middle (MITM) proof these certs. We still have to address that problem. We'll be talking about how the blockchain can be used to solve this problem tonight at the SF Bitcoin Meetup, if that interests you, you're welcome to come:
http://www.meetup.com/San-Francisco-Bitcoin-Social/events/18...
A primer can be found here: https://vimeo.com/100433057
The blockchain can't fix this problem - it's too large for most embedded devices, which do matter. It isn't a solution just because it's a 'cool new crypto idea' to every problem on the planet. Just because something uses crypto doesn't mean adding the blockchain to it makes it any better.
Hmm, I'm not sure exactly how the parent intends using it, but isn't something like the blockchain (i.e. a publicly auditable log of all changes to certificates) already being proposed for improving the current PKI infrastructure? Also, is the problem you have for embedded devices that they can't afford to download, store, and verify the full bitcoin block-chain? Surely there are compromise solutions that could be made? Not denigrating your comment btw, it's an interesting observation!
> The blockchain can't fix this problem - it's too large for most embedded devices
That's a wise observation, which is why we are making it accessible to such devices over a MITM-proof connection via DNSChain:
https://github.com/okTurtles/dnschain