Date: Tue, 5 May 2015 00:55:52 +0000
From: Joe Malcolm
Subject: Re: On sanctioned MITMs

mancha writes:
>I agree achieving end-to-end (E2E) security with interposition is an
>interesting security research area. In fact, it would be great if as a
>result of this thread more members of the infosec and oss communities
>were motivated to tackle that. 

I've been thinking for a while that in the non-HTTPS world, it would
be useful to have some kind of content verification without
encryption, through hashes in URLs or the like. But the logical
conclusion from this thread is that it's also useful in the encrypted
context as well, as not all endpoints may be equally trusted.

Having said that, what you do if the content you get back isn't as
expected isn't totally clear.

