

How fucked is SSL? - _nvs
https://gist.github.com/alex/5760270/

======
mosqutip
TL;DR: If the CAs are compromised, the protocols they use are compromised.

------
stock_toaster
Maybe some day curvecp will save us.

~~~
fexl
Yes, though I'm a little unclear on how the following technologies might work
together to ... save us ... from the disastrous CA FUD:

[http://curvecp.org/](http://curvecp.org/)

[https://en.wikipedia.org/wiki/Cjdns](https://en.wikipedia.org/wiki/Cjdns)

[http://www.waterken.com/dev/YURL/](http://www.waterken.com/dev/YURL/)

I'm looking into cjdns, but I'm sure it's a lot of work establishing a peer
network.

YURLs look very promising, if browser manufacturers would get a clue and
support it (tho the CAs would surely howl).

I realize that "most people" want to type simply "bankoftheuniverse.com" and
know they're at the "real" site, but I think Zooko's triangle has something to
say about that, and those people may need to grow up a bit and just bookmark a
yurl or something. Besides, many people will find bankoftheuniverse.com
through a search engine anyway, and as long as they sign up at the _real_ site
the first time, they'll be fine thereafter (i.e. the ssh model).

~~~
stock_toaster
dnscurve is also pretty neat. Haven't looked at cjdns or yurl. Thanks for the
links!

------
rasterizer
Google uses Perfect Forward Secrecy:
[http://googleonlinesecurity.blogspot.com/2011/11/protecting-...](http://googleonlinesecurity.blogspot.com/2011/11/protecting-data-for-long-term-with.html)

