« First « Previous Comments 68 - 95 of 95 Search these comments
Is it possible to implement a replacement for SSL with no change to browsers and no centralized certificate authorities?
That would take care of encryption and MITM attacks and leave all the spook agencies out of it.
richwicks I suspect there is a way to make a replacement for SSL/TSL which is so simple that it's hard to leave any holes.
For identifying the remote server to prove it's not a fake, how do you trust that your DNS gave you the right IP back?
You just need something that only real the owner of the domain can do, l like creating a file on the server.
Mentioned this before, Corbett did a solutions watch last year where he spoke with a few people pioneering new messaging and internet. I'm sure they worked through some of these same questions.
Do you want to eliminate the need for a Central Authority (CA)?
richwicks says
Do you want to eliminate the need for a Central Authority (CA)?
richwicks Yes, exactly.
PROVING who you are, that's another problem
richwicks says
PROVING who you are, that's another problem
Is there a way to rely on DNS for that?
I can see that DNS normally has no encryption, so your request could be intercepted and you could be given a bogus IP. Fix that, and things are good, because people trying to hit, say, patrick.net would know they really hit it.
But how do you know which signature is, say, really the one from patrick.net?
but PROVING who you are, that's another problem.
I have seen this done where websites have been blocked by removing them from the DNS database.
Fuck proving who you are. You wanna surf the web, do it at your own risk. No authority, no verification other than what users agree on amongst themselves. Back to newsgroups!
richwicks says
I have seen this done where websites have been blocked by removing them from the DNS database.
Could that DNS block be defeated by having the web site put out its actual IP address?
richwicks I suspect there is a way to make a replacement for SSL/TSL which is so simple that it's hard to leave any holes.
Maybe we could all browse via a local http proxy which takes in http requests and generates sftp requests. That would take care of encryption and there would be no certificates needed.
For identifying the remote server to prove it's not a fake, how do you trust that your DNS gave you the right IP back?
You just need something that only real the owner of the domain can do, l like creating a file on the server.
There should be a push to move to simpler browsers. What we have today are as complex as operating systems, and 10000 times more insecure.
richwicks says
There should be a push to move to simpler browsers. What we have today are as complex as operating systems, and 10000 times more insecure.
how about Brave and Firefox ? or Chromium ?
.
No I mean much simpler. Something like NetSurf:
richwicks says
No I mean much simpler. Something like NetSurf:
I run Linux (Ubuntu) on my HP desktop (2017 model). Chromium and Firefox crash sometimes. I'll try NetSurf.
You might have to compile it.
I'm not saying NetSurf is a usable program, I doubt it is, but I'm saying browsers should be as simple as that. I wouldn't install NetSurf on my machine, but I've played with a few very simple browsers before. Some don't even support the ability to play video inline.
what I'm suggesting is contact information isn't www.patrick.net but rather something like e5725089ef32b85aa3e35d4d67c70e7f
richwicks says
what I'm suggesting is contact information isn't www.patrick.net but rather something like e5725089ef32b85aa3e35d4d67c70e7f
I had a similar idea, but something which can be remembered by a human, like 4 or five words. The average person knows about 25,000 words, so four of those gives 390625000000000000 distinct combinations. That should make a sufficiently large space of four-word names that people can remember.
I am using NetSurf now. Seems rather crude or overly simple, but it is fast and does not crash.
« First « Previous Comments 68 - 95 of 95 Search these comments
People seem to INSIST on using cloud storage, which removes your ability of privacy, so I'm going to write a strong encryption program using the NaCL librarary;
https://nacl.cr.yp.to/
The goal here is that the resulting encrypted data is impossible to recover without getting the original key. Keys are changed regularly, and being able to brute force one block will give the attacker no advantage in cracking the next block.
Also, it will be computationally expensive to attempt to crack even with specialized hardware. This increases energy consumption and slows down the encryption and decryption, but also will make brute force attacks 1000's of times slower.