Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 5 May 2015 00:55:52 +0000
From: Joe Malcolm <jmalcolm@...eus.com>
To: oss-security@...ts.openwall.com
Subject: Re: On sanctioned MITMs

mancha writes:
>I agree achieving end-to-end (E2E) security with interposition is an
>interesting security research area. In fact, it would be great if as a
>result of this thread more members of the infosec and oss communities
>were motivated to tackle that. 

I've been thinking for a while that in the non-HTTPS world, it would
be useful to have some kind of content verification without
encryption, through hashes in URLs or the like. But the logical
conclusion from this thread is that it's also useful in the encrypted
context as well, as not all endpoints may be equally trusted.

Having said that, what you do if the content you get back isn't as
expected isn't totally clear.

Joe

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ