A Few Thoughts on Cryptographic Engineering

Discussion in 'privacy technology' started by Minimalist, Jul 2, 2017.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,520
    Location:
    Slovenia
    https://blog.cryptographyengineering.com/2017/07/02/beyond-public-key-encryption/
     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,385
    I'm glad to see the new post by MG on his blog which has been quiet for some time.

    My RSS feed to his website still does not work.

    -- Tom
     
  3. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,082
    If people used their public key finger print more it might help. For example if I used it as my SIG on my forum posts anyone could compare that with a public key someone claiming to be me sent them.
    Websites could have a second domain name, their cert fingerprint.com. They could publish both URLs anywhere including their site and on printed literature, business cards etc. The security conscious could use the secure url. A browser addon could easily verify that the site cert matches the fingerprint URL prior to TLS negotiation.
     
Loading...