None of the Above (![[info]](http://klab.lv/img/userinfo.gif){kind=small} artis) rakstīja,@ 2013-06-16 18:19:00 |
 |
 |
 |
|
|
|
|
|
|
 |
|
 |
Ieraksts tikai kiberpankiem.
Kripto pasaule ir dziļa bēdu ieleja. Sākot ar autentifikāciju: the trust model of CAs is broken (thx, Comodohacker, _NSAKEY). A strange world: you're better of trusting yourself (i.e., verifying fingerprints vs. placing trust in your CA store). Cert-pinning nav scalable. OK, ceram uz DNSSEC+DANE, vai kaut ko a la Convergence/Perspectives. But how many OSes come with a validating resolver? Yeah. We're moving at glacial speed. Pat ja uz brīdi ignorē CA problēmu, arī protokolu līmenī: we haven't even ditched SSL yet! Labi, var teikt, ka cilvēki ir beidzot ieslēguši crypto. Pirms tam kaut ko muldēja par "impact on performance". Prior to FireSheep all major sites were positively "transparent". Cik pārklūku atbalsta >TLS 1.0? Welcome to the world of BEAST, CRIME and Lucky 13. How do we mitigate BEAST? Oh, I know, let's prioritize an RC4 cipher! Yeah... Arī ja palasa OpenSSL kodu, jāsāk ticēt Bilam Binijam. Protams, kļūdai nav obligāti jābūt that far up the chain.
Cerams, ka tas ir trauksmes zvans, kas pamudinās skudru pūzni. Līdzīgi kā reizē ar alleged IPSec backdoor in OpenBSD. Par anonimitāti var aizmirst, ja nav atrisinātas pamatproblēmas: security is a prerequisite of privacy, and not vice versa.
Kripto pasaule ir dziļa bēdu ieleja. Sākot ar autentifikāciju: the trust model of CAs is broken (thx, Comodohacker, _NSAKEY). A strange world: you're better of trusting yourself (i.e., verifying fingerprints vs. placing trust in your CA store). Cert-pinning nav scalable. OK, ceram uz DNSSEC+DANE, vai kaut ko a la Convergence/Perspectives. But how many OSes come with a validating resolver? Yeah. We're moving at glacial speed. Pat ja uz brīdi ignorē CA problēmu, arī protokolu līmenī: we haven't even ditched SSL yet! Labi, var teikt, ka cilvēki ir beidzot ieslēguši crypto. Pirms tam kaut ko muldēja par "impact on performance". Prior to FireSheep all major sites were positively "transparent". Cik pārklūku atbalsta >TLS 1.0? Welcome to the world of BEAST, CRIME and Lucky 13. How do we mitigate BEAST? Oh, I know, let's prioritize an RC4 cipher! Yeah... Arī ja palasa OpenSSL kodu, jāsāk ticēt Bilam Binijam. Protams, kļūdai nav obligāti jābūt that far up the chain.
Cerams, ka tas ir trauksmes zvans, kas pamudinās skudru pūzni. Līdzīgi kā reizē ar alleged IPSec backdoor in OpenBSD. Par anonimitāti var aizmirst, ja nav atrisinātas pamatproblēmas: security is a prerequisite of privacy, and not vice versa.
Nopūsties:
