Personal Cloud (was: Did Ed Snowden do the right thing?)

John Shaver bobjohnbob at gmail.com
Tue Jun 11 11:17:39 MDT 2013


My understanding is that verisign doesn't have private keys, only public
keys.

However having the CA private key does allow for sophisticated man in the
middle attacks.  This can be circumvented by verifying the key signature,
rather than just trusting the CA, but then, I guess, what is the point of
even using SSL?

Is there a distributed alternative that allows people to verify that the
public key they receive is actually yours?

-John


On Tue, Jun 11, 2013 at 10:55 AM, Jessie A. Morris <jessie at jessieamorris.com
> wrote:

> On Tuesday, June 11, 2013 10:53:12 Lonnie Olson wrote:
> > Not really, this idea won't get you much farther.  Sure your data at
> > rest is safe from the US, but your data in transit is not.  And guess
> > what?  Unless you only use sneakernet, your data has to be in transit
> > at some time, and most of the time it will cross the US.
>
> Encryption exists. If you're using the right encryption, it doesn't matter.
> Unless you're assuming the NSA has backdoors into all the crypto methods,
> too,
> that is.
>
> And I'm not talking about SSL. SLL is broken due to the Certificate
> Authority
> problems. If the Government has access to Google, Facebooks, etc. data, you
> can guarantee that they have coerced Verisign to give them a certificate or
> two.
> --
> Jessie A. Morris
> 801-210-1526
> jessie at jessieamorris.com
>
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>


More information about the PLUG mailing list