Re: [IAB] Mandatory encryption as part of HTTP2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hannes Tschofenig wrote:

> I know that it is very popular to bash the PKI system but there are
> security differences between an anonymous DH and PKI deployment that
> provides server-side authentication.

Assuming active MITM attacks both on ISP chains and CA chains,
what, do you think, are the differences?

A concrete example is especially welcome.

Note that we, none US citizens, must expect such attacks, because
active MITM attacks of NSA on people without US citizenship are,
under US legislation, even legal.

> And: Keep in mind that we have various activities in the IETF ongoing
> that help to improve the security of the PKI.

As PKI is fundamentally insecure against active attacks, there is
no point of improving it.

I do realize stupidity level of IETF, especially on DNSSEC.

						Masataka Ohta





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]