Date: Tue, 5 May 2015 00:55:52 +0000 From: Joe Malcolm <jmalcolm@...eus.com> To: oss-security@...ts.openwall.com Subject: Re: On sanctioned MITMs mancha writes: >I agree achieving end-to-end (E2E) security with interposition is an >interesting security research area. In fact, it would be great if as a >result of this thread more members of the infosec and oss communities >were motivated to tackle that. I've been thinking for a while that in the non-HTTPS world, it would be useful to have some kind of content verification without encryption, through hashes in URLs or the like. But the logical conclusion from this thread is that it's also useful in the encrypted context as well, as not all endpoints may be equally trusted. Having said that, what you do if the content you get back isn't as expected isn't totally clear. Joe
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ