How fucked is SSL? (gist.github.com)
14 points by _nvs on June 12, 2013 | 5 comments



TL;DR: If the CAs are compromised, the protocols they use are compromised.


Maybe some day curvecp will save us.


Yes, though I'm a little unclear on how the following technologies might work together to ... save us ... from the disastrous CA FUD:

http://curvecp.org/

https://en.wikipedia.org/wiki/Cjdns

http://www.waterken.com/dev/YURL/

I'm looking into cjdns, but I'm sure it's a lot of work establishing a peer network.

YURLs look very promising, if browser manufacturers would get a clue and support it (tho the CAs would surely howl).

I realize that "most people" want to type simply "bankoftheuniverse.com" and know they're at the "real" site, but I think Zooko's triangle has something to say about that, and those people may need to grow up a bit and just bookmark a yurl or something. Besides, many people will find bankoftheuniverse.com through a search engine anyway, and as long as they sign up at the real site the first time, they'll be fine thereafter (i.e. the ssh model).
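The "ssh model" mentioned in the comment above (pin a site's key on first contact, flag any later change), next to a link that carries the key fingerprint itself, as an added example that is not part of the original thread. The `<fingerprint>@<host>` link form, the `PinStore` class and the sample key bytes are assumptions made for illustration; the link form is not the actual YURL syntax.

```python
import hashlib
import hmac

def fingerprint(public_key_der: bytes) -> str:
    """SHA-256 fingerprint of a server key, hex encoded."""
    return hashlib.sha256(public_key_der).hexdigest()

class PinStore:
    """known_hosts-style store: host -> fingerprint recorded on first contact."""

    def __init__(self):
        self._pins = {}

    def check(self, host: str, public_key_der: bytes) -> str:
        seen = fingerprint(public_key_der)
        pinned = self._pins.get(host)
        if pinned is None:
            # First contact: nothing to compare against, so this step is
            # only as trustworthy as the channel used for the first visit.
            self._pins[host] = seen
            return "pinned"
        # A changed key is reported to the caller, never re-pinned silently.
        same = hmac.compare_digest(pinned.encode(), seen.encode())
        return "match" if same else "MISMATCH"

def check_key_bearing_link(link: str, public_key_der: bytes) -> bool:
    """Verify a link of the hypothetical form '<fingerprint>@<host>'.
    The identifier carries the key hash, so there is no first-contact gap."""
    expected, _, host = link.partition("@")
    if not host or len(expected) != 64:
        return False
    actual = fingerprint(public_key_der)
    return hmac.compare_digest(expected.lower().encode(), actual.encode())

# Constructed sample keys (placeholder bytes, not real DER-encoded keys).
REAL_KEY = b"constructed-sample-key-of-the-real-site"
OTHER_KEY = b"constructed-sample-key-of-a-different-server"

def demo():
    store = PinStore()
    host = "bankoftheuniverse.com"
    results = [store.check(host, REAL_KEY),   # first visit
               store.check(host, REAL_KEY),   # later visit, same key
               store.check(host, OTHER_KEY)]  # later visit, key changed
    link = fingerprint(REAL_KEY) + "@" + host
    results.append(check_key_bearing_link(link, REAL_KEY))
    results.append(check_key_bearing_link(link, OTHER_KEY))
    return results

if __name__ == "__main__":
    print(demo())
```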


dnscurve is also pretty neat. Haven't looked at cjdns or yurl. Thanks for the links!




