User: Password:
|
|
Subscribe / Log in / New account

Bazaar on the slow track -- Montone gets too little attention

Bazaar on the slow track -- Montone gets too little attention

Posted Sep 18, 2012 20:23 UTC (Tue) by graydon (guest, #5009)
In reply to: Bazaar on the slow track -- Montone gets too little attention by jackb
Parent article: Bazaar on the slow track

I agree. My hunch (currently exploring in code) is that a more useful model involves defining trust in reference to cross-validation between multiple private small-group communication-histories. Put another way: identity should adhere to evidence concerning communication-capability (and the active verification thereof), not evidence of decrypting long-lived keys. Keys should always be ephemeral. They'll be broken, lost or stolen anyways; best to treat them as such.

(Keep in mind how much online-verification comes out in the details of evaluating trust in our key-oriented PKI system anyways. And how often "denying a centralized / findable verification service" features in attack scenarios. Surprise surprise.)

So, I also expect this will require -- or at least greatly benefit from -- a degree of "going around" current network infrastructure. Or at least a willingness to run verification traffic over a comfortable mixture of channels, to resist whole-network-controlling MITMs (as the current incarnation of the internet seems to have become).

But lucky for our future, communication bandwidth grows faster than everything else, and most new devices have plenty of unusual radios.


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds