[tor-talk] Tor for everyone; introducing Eccentric Authentication

krishna e bera keb at cyblings.on.ca
Tue Feb 23 19:28:48 UTC 2016


On 02/22/2016 04:03 PM, Guido Witmond wrote:

> If either the blogger or responder wishes to send a private message,
> they can use the other person's public key after validating there is no
> MitM. Message transport goes through the site. After a few round trips
> of messages, there is certainty there is no MitM.

The website http://eccentric-authentication.org/ says:
> With the use of DNSSEC and a validation service to check that each
> certificate is issued only once we can prevent Man-in-the-Middle
> attacks

Could you explain how you validate that there is no MitM, and why a few
round trips would make this certain?  Do we not have to trust the
validation service not to issue more than one certificate?  I.e., the
website or validation service can be the MitM.

