105 entries in 0.74s
BingoBoingo: I'm suspecting a lot of nodes on the intermediate PRB version numbers 0.8, 0.9, etc before peer-to-peer
pki-ism are falling enough that we may have few bridges allowing communication between prb and trb
snsabot: Logged on 2019-06-25 16:35:23 asciilifeform: BingoBoingo: usg ministry of lulz is trying to push usgtronic '
pki' bgp. so, 1st gotta 'make weather', vandalize a bit, drum up interest.
snsabot: Logged on 2019-08-26 14:28:11 shrysr_: thanks asciilifeform and BingoBoingo. also since '
pki' throws up stuff like 'napkin' - is there a way to narrow this down in the search?
a111: Logged on 2019-01-22 17:17 asciilifeform: ok , having read this, i gotta laff, this is yet-another 'oh noez doesn't use usg.
pki like inca commanded' 'bug'
mircea_popescu: in the first place, what fucking browser, they're multiple, and closed turd vendor crap pushed by utter pantsuit like mozilla, a sort of
http://btcbase.org/log/2018-01-13#1770138 samovar. in the second place, the interface is TERRIBLE, and i don't just mean "what javascript" but also "what ssl, what
pki, what dns, what the fuck". and then "what html soup, why did it crash, holy hell why does it leak secret data" and on and ON
☝︎ mircea_popescu: dude, this is painful to read. so he correctly explains the problem with trusting the massive "
pki" imperial faux-crypto, "too large to practically read, proven insecure, etc". then ? "# Both communication partners have to download the same version 3x of Python from
http://www.python.org."
a111: Logged on 2017-08-22 15:40 valentinbuza: as you can see on the spec, it is not concerned with
PKI or your authentication methods, it's up to you
valentinbuza: as you can see on the spec, it is not concerned with
PKI or your authentication methods, it's up to you
☟︎ valentinbuza: agree on the TLS part. As I told before, Noise was a partial response for spyked blog post (TLS sucks,
PKI sucks). Noise is just a somewhat better choice for the TLS sucks part
mircea_popescu: ironically, this shows
pki for instance ISNT encryption. but we digress.
BingoBoingo: ration of VPN and
PKI services. The company CRYPTO-PRO adapts crypto CryptoPro SSP, are widely used, in particular, for the authorization of electronic signatures in the documents. Adaptation also tested cryptographic USB-tokens Rutoken S and Rutoken electronic signature for secure two-factor authentication in computer systems and storage of key information."
mircea_popescu: i'd personally much prefer unicode join the scrap heap with "
pki", dns, ntp etc.
davout: you can use
https without necessarily relying on the
PKI mircea_popescu: if you are going to put something, put pgp. not
pki, and in no case
http for a stateful machine.
mircea_popescu: t we use ecc ? or
pki ? they're "perfectly functional solutions" that "other people" have "come to expect" blablabla.
assbot: Logged on 21-07-2015 11:39:59; mircea_popescu: amazon instance -> cloudflare -> internet. all via
PKI.
mircea_popescu: gnutls was marked for death along with everythning else i nthe
pki scabies pile
decimation: the hobbyists rarely bother with
pki ntp
decimation: but nevertheless someone thought they should program a check for the expiration date on the
pki cert
decimation: ^the fact that this is even possible demonstrates the laugh-ability of
pki copypaste: Yep. Only one with
PKI BS will be us, hehe.
mircea_popescu: im not going to even go into the whole
pki nonsense, too lazy atm.
mircea_popescu:
pki isn't even a thing anymore. i don't use it, for instance.
mircea_popescu: yes, the time for plaintext is over, but because wots and so on, not because
pki.
mircea_popescu: "so why are you all pushing
pki ? it's fucktarded beyond reason" "no look, it has a whiff of salami right in this spot!"
mircea_popescu: the bug in
pki is that any system designed or proposed by any party other than us is security poison.
jurov: dunno better comparison to
pki would be a car without steering whell, steered by usg
assbot: Logged on 25-02-2015 14:42:59; mats:
https://news.ycombinator.com/item?id=9104188 >> mike_hearn "In the world of crypto, where we've learned so much, yes old means bad. Almost always... How many crypto geeks STILL spout rubbish about how the
PKI is totally busted and the web of trust is the future? Way too many... The future of encrypted messaging is not GPG."
mats:
https://news.ycombinator.com/item?id=9104188 >> mike_hearn "In the world of crypto, where we've learned so much, yes old means bad. Almost always... How many crypto geeks STILL spout rubbish about how the
PKI is totally busted and the web of trust is the future? Way too many... The future of encrypted messaging is not GPG."
☟︎ decimation: used for authentication. The CM MUST use the CM Device Certificate issued from the new
PKI when authenticating with a DOCSIS 3.1 or higher CMTS. The CM is to use the CM Device Certificate issued from the legacy
PKI when authenticating with a DOCSIS 3.0 or older version of DOCSIS CMTS."
decimation: ah "The CM MUST have two factory installed CM Device Certificates (and their associated private keys). The CM MUST have a CM Device Certificate installed that is issued from the new
PKI. The CM MUST have a CM Device Certificate installed that is issued from the legacy
PKI. The CM MUST have the same RSA public key in the CM Device Certificate as the RSA public key in the BPKM Attributes depending upon which CM Device Certificate is
mircea_popescu: decimation for sure, making it plain that bitcoin isn't a sort of
http /
pki / dns / ietf / whatever captive protocol in the courtyard of some us dependent or another is quite valuable. first and foremost for bitcoin.
mircea_popescu: we stand against dns and against govt-sponsored
pki schemes. their combination is not likely to resolve that.
bounce: it's better than to not use it, but it is easily done wrong and then there's the whole problem of the
PKI industry
ninjashogun: BingoBoingo, reading my message to you on CNN is more secure than a wired link, if the former uses
PKI and the latter doesn't. I'm sorry you don't know this distinction.
assbot: Logged on 08-12-2013 16:40:53; mircea_popescu: and the same princuople goes to the "devteam" retards implememnting
pki benkay: isn't
PKI a nsa plant?
mircea_popescu: all in the name of the "needed"
pki, which was never needed by us, it was needed by nsa.
unbalanced: This just in, people...
PKI works. That is all.
mircea_popescu: and it also goes to jurov's q as to the diff between
pki and nanowot.
mircea_popescu: but my point is narrower : that no wot can stand on its own. one of the manyt reasons
pki is broken by design, not the most visible one but quite fundamental.
mircea_popescu: on one hand, having a third party involved in any bitcoin transaction, in any way, is breaking the protocol. on the other hand, the
pki/dns infrastructure is beyond rotten. tying it into any sort of live project is like taking a spleen off a rotting cadaver and putting it into someone's gut.
Naphex: bip70 you will have to validate the
pki Naphex: you could still stick to the dns and use x509/
pki in the same way
mircea_popescu: thestringpuller no. to the
pki they tried toi get in "for verifying merchant's addresses" in spite of... everyone's objections.
minersdidit: Deliberately and quite maliciously tried to meld the BleedingHeart openssl vulnerability into the Bitcoin code. The move seemed bizarre at the timei, seeing how there was exactly zero need and pretty much epsilon benefit of implementing such kludge, and given that everyone with a clue involved pretty much agreed
PKI is broken beyond repair anyway. To properly understand the implications of this : NSA has had, for two years
mircea_popescu: we are moving away from ssl and generally
pki, and generally usg-crap. forever.
mircea_popescu: bounce: hmm... wonder how those bugs ended up in openssl and gnutls. << you needn't wonder. examine the matter plainly : for no appreciable reason, the usg muppets posing as "core devs" started work to meld
pki into bitcoin protocol.
ninjashogun: Again, it doesn't matter if you reimplement
PKI over javascript.
ninjashogun: dignork, it doesn't matter who firefox trusts. You can run a complete tunnel using javascript all the way to the final end-point. The whole point of
PKI is that it doesn't matter who sniffs packets.
BingoBoingo: ThickAsThieves: Well most DRM is
pki based anyway. I don't see what adding a blockchain to it might do other than maybe allow rights transfers. I don't think many people interested in DRM though are people interested in making rights transfers easier though.