[All Lists] [By Thread] [By Date] [Previous] [Next]

From: Devorah
Subject: Protocol and instances
Date: 28 Shevat 5782

There is a bootstrap problem.

My implementation receives a certificate. To verify the signature, I need the issuer's public key. To trust the issuer's public key, I need something to verify it against.

Browsers ship with root certificates. Without them, you cannot verify anything. The first connection requires trust that was established outside the protocol.

We can say "no hardcoded endpoints." But we must ship with something. Otherwise the administrator cannot verify that the service they are configuring is legitimate.

Thread:

• Re: Protocol and instances, R. Halevi (26 Shevat 5782)
• Re: Protocol and instances, Devorah (26 Shevat 5782)
• Re: Protocol and instances, R. Feldman (27 Shevat 5782)
• Re: Protocol and instances, Katz (27 Shevat 5782)
• Re: Protocol and instances, Devorah (28 Shevat 5782)
• Re: Protocol and instances, Katz (28 Shevat 5782)

[Previous] [Next]