log☇︎
105 entries in 0.866s
BingoBoingo: I'm suspecting a lot of nodes on the intermediate PRB version numbers 0.8, 0.9, etc before peer-to-peer pki-ism are falling enough that we may have few bridges allowing communication between prb and trb
snsabot: Logged on 2019-06-25 16:35:23 asciilifeform: BingoBoingo: usg ministry of lulz is trying to push usgtronic 'pki' bgp. so, 1st gotta 'make weather', vandalize a bit, drum up interest.
snsabot: Logged on 2019-08-26 14:28:11 shrysr_: thanks asciilifeform and BingoBoingo. also since 'pki' throws up stuff like 'napkin' - is there a way to narrow this down in the search?
asciilifeform: BingoBoingo: usg ministry of lulz is trying to push usgtronic 'pki' bgp. so, 1st gotta 'make weather', vandalize a bit, drum up interest.
a111: Logged on 2019-01-22 17:17 asciilifeform: ok , having read this, i gotta laff, this is yet-another 'oh noez doesn't use usg.pki like inca commanded' 'bug'
asciilifeform: ok , having read this, i gotta laff, this is yet-another 'oh noez doesn't use usg.pki like inca commanded' 'bug' ☟︎
asciilifeform: or take 'Permanence also includes security. Except for the on-chain PKI, in which case you're trusting Ethereum, you shouldn't yet trust Urbit's security at all. Sorry!'
asciilifeform: apparently i was still subscribed to... urbit ml. where today we learn that : 'The tooling around the PKI transition to Ethereum is coming along nicely. Contracts are pretty much frozen. It’s all UI and key generation now.'
asciilifeform: what is 'pki'ism even, if not 'from ur-mother will the blessed milk flow down'
asciilifeform: we don't pki, and we don't ssl.
asciilifeform: ( or at the very least, if not purged, every proggy that attempts to lean on usg.pki-ism should generate a log event )
mircea_popescu: in the first place, what fucking browser, they're multiple, and closed turd vendor crap pushed by utter pantsuit like mozilla, a sort of http://btcbase.org/log/2018-01-13#1770138 samovar. in the second place, the interface is TERRIBLE, and i don't just mean "what javascript" but also "what ssl, what pki, what dns, what the fuck". and then "what html soup, why did it crash, holy hell why does it leak secret data" and on and ON ☝︎
mircea_popescu: dude, this is painful to read. so he correctly explains the problem with trusting the massive "pki" imperial faux-crypto, "too large to practically read, proven insecure, etc". then ? "# Both communication partners have to download the same version 3x of Python from http://www.python.org."
a111: 90 results for "pki", http://btcbase.org/log-search?q=pki
asciilifeform: !#s pki
a111: Logged on 2017-08-22 15:40 valentinbuza: as you can see on the spec, it is not concerned with PKI or your authentication methods, it's up to you
valentinbuza: as you can see on the spec, it is not concerned with PKI or your authentication methods, it's up to you ☟︎
valentinbuza: agree on the TLS part. As I told before, Noise was a partial response for spyked blog post (TLS sucks, PKI sucks). Noise is just a somewhat better choice for the TLS sucks part
a111: 84 results for "pki", http://btcbase.org/log-search?q=pki
trinque: !#s pki
ben_vulpes: very fancy, 'user phriendly', pki
mircea_popescu: there aren't ~that many~ pki systems.
ben_vulpes: in other pki nyooz: http://gcaptain.com/us-announces-selective-availability-gps-devices/
asciilifeform: kinda hilarious, while the two 'cans of campbell soup' duke it out over massive-blox vs elephantine-blox, boring ol' workaday usgolade, e.g. 'pki', quietly made it into all prb variants
asciilifeform: and of course closed-source-remotely-updated-turd-on-closed-remotely-updated-os-sitting-on-usg.ssl-pki is not 'backdoor', didjaknow also.
davout: http://btcbase.org/log/2016-12-22#1588327 <<< guy finds a PKI on the floor, runs to show it to all the other retards... ☝︎
goldfinger: pki?
mircea_popescu: ironically, this shows pki for instance ISNT encryption. but we digress.
asciilifeform: and who won't love 'As far as the conference program goes, the Mesh may be considered as a proposal to replace/augment the existing OpenPGP key server infrastructure with a new one that provides support for multiple PKI based applications and trust models. ... The Mesh makes it easy for a user to transfer an email configuration from one machine to another and offers to automatically configure OpenPGP ... service whose architecture ma
a111: Logged on 2016-08-15 04:55 asciilifeform: in other oldz, http://iang.org/ssl/pki_considered_harmful.html << 'nobody foresaw!!1111'
asciilifeform: in other oldz, http://iang.org/ssl/pki_considered_harmful.html << 'nobody foresaw!!1111' ☟︎
asciilifeform: fromphuctor: ssl/tls (and all pki systems of whatever form) is rubbish.
BingoBoingo: ration of VPN and PKI services. The company CRYPTO-PRO adapts crypto CryptoPro SSP, are widely used, in particular, for the authorization of electronic signatures in the documents. Adaptation also tested cryptographic USB-tokens Rutoken S and Rutoken electronic signature for secure two-factor authentication in computer systems and storage of key information."
mircea_popescu: i'd personally much prefer unicode join the scrap heap with "pki", dns, ntp etc.
asciilifeform: 'Vuvuzela assumes the existence of a PKI in which users can privately learn each others public keys. This implementation uses pki.conf as a placeholder until we integrate a real PKI.' << ahaha
mircea_popescu: https://pbs.twimg.com/media/CP722YKU8AAqoD2.png:large << clearly, more pki is the solution to pki.
davout: you can use https without necessarily relying on the PKI
mircea_popescu: ("https" is not a thing. it's a flavor of usg-pki. burn it.)
mircea_popescu: if you are going to put something, put pgp. not pki, and in no case http for a stateful machine.
mircea_popescu: t we use ecc ? or pki ? they're "perfectly functional solutions" that "other people" have "come to expect" blablabla.
assbot: Logged on 21-07-2015 11:39:59; mircea_popescu: amazon instance -> cloudflare -> internet. all via PKI.
mircea_popescu: amazon instance -> cloudflare -> internet. all via PKI. ☟︎
mircea_popescu: gnutls was marked for death along with everythning else i nthe pki scabies pile
decimation: the hobbyists rarely bother with pki ntp
mats: https://www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf << picked up from BingoBoingo's link earlier, "Everything you Never Wanted to Know about PKI but were Forced to Find Out"
decimation: but nevertheless someone thought they should program a check for the expiration date on the pki cert
mircea_popescu: nu-uh, gotta pki the shit.
mircea_popescu: speaking of the broke ass pki, http://blog.trendmicro.com/trendlabs-security-intelligence/a-look-at-the-gnutls-x-509-verification-code-flaw/
decimation: ^the fact that this is even possible demonstrates the laugh-ability of pki
copypaste: Yep. Only one with PKI BS will be us, hehe.
mircea_popescu: as long as it punctures the pki bs i'm happy.
mircea_popescu: of course they have. usg wants pki everywhere.
mircea_popescu: i don't, because i don't use pki.
davout: (the pki stuff)
mircea_popescu: im not going to even go into the whole pki nonsense, too lazy atm.
mircea_popescu: and speaking of pki, http://31.media.tumblr.com/6414e1f72efb150eea265ba6c835a190/tumblr_n3v281cStV1see514o2_400.gif
mircea_popescu: pki isn't even a thing anymore. i don't use it, for instance.
mircea_popescu: yes, the time for plaintext is over, but because wots and so on, not because pki.
mircea_popescu: "so why are you all pushing pki ? it's fucktarded beyond reason" "no look, it has a whiff of salami right in this spot!"
mircea_popescu: "there's nothing wrong with pki, it just fixes dns."
mircea_popescu: http://log1.bitcoin-assets.com/?date=29-03-2015#1078823 << there's no math behind either ssl or pki, or the usg for that matter. they are political arrangements, "sets of procedures and people" and whatnot.
mircea_popescu: the bug in pki is that any system designed or proposed by any party other than us is security poison.
mircea_popescu: http://log1.bitcoin-assets.com/?date=29-03-2015#1078817 << heartbleed was a bug in PKI. outright.
jurov: dunno better comparison to pki would be a car without steering whell, steered by usg
mircea_popescu: and still pushing the pki ridiculousness.
assbot: Logged on 25-02-2015 14:42:59; mats: https://news.ycombinator.com/item?id=9104188 >> mike_hearn "In the world of crypto, where we've learned so much, yes old means bad. Almost always... How many crypto geeks STILL spout rubbish about how the PKI is totally busted and the web of trust is the future? Way too many... The future of encrypted messaging is not GPG."
mats: https://news.ycombinator.com/item?id=9104188 >> mike_hearn "In the world of crypto, where we've learned so much, yes old means bad. Almost always... How many crypto geeks STILL spout rubbish about how the PKI is totally busted and the web of trust is the future? Way too many... The future of encrypted messaging is not GPG." ☟︎
decimation: used for authentication. The CM MUST use the CM Device Certificate issued from the new PKI when authenticating with a DOCSIS 3.1 or higher CMTS. The CM is to use the CM Device Certificate issued from the legacy PKI when authenticating with a DOCSIS 3.0 or older version of DOCSIS CMTS."
decimation: ah "The CM MUST have two factory installed CM Device Certificates (and their associated private keys). The CM MUST have a CM Device Certificate installed that is issued from the new PKI. The CM MUST have a CM Device Certificate installed that is issued from the legacy PKI. The CM MUST have the same RSA public key in the CM Device Certificate as the RSA public key in the BPKM Attributes depending upon which CM Device Certificate is
mircea_popescu: decimation for sure, making it plain that bitcoin isn't a sort of http / pki / dns / ietf / whatever captive protocol in the courtyard of some us dependent or another is quite valuable. first and foremost for bitcoin.
mircea_popescu: we stand against dns and against govt-sponsored pki schemes. their combination is not likely to resolve that.
mircea_popescu: it'll work fine if we call it PKI instead"
asciilifeform: the only apparent exception is pki, which 'everyone' seems to know is a master key anal orifice of the first order, wherever it chances to appear, and yet virtually no one objects
asciilifeform: pki
bounce: it's better than to not use it, but it is easily done wrong and then there's the whole problem of the PKI industry
ninjashogun: BingoBoingo, reading my message to you on CNN is more secure than a wired link, if the former uses PKI and the latter doesn't. I'm sorry you don't know this distinction.
assbot: Logged on 08-12-2013 16:40:53; mircea_popescu: and the same princuople goes to the "devteam" retards implememnting pki
mircea_popescu: jurov PKI was unusable for reason of insecurity anway
benkay: isn't PKI a nsa plant?
mircea_popescu: all in the name of the "needed" pki, which was never needed by us, it was needed by nsa.
unbalanced: This just in, people... PKI works. That is all.
mircea_popescu: there's reallyno solutions ot the pki crap.
mircea_popescu: and it also goes to jurov's q as to the diff between pki and nanowot.
mircea_popescu: but my point is narrower : that no wot can stand on its own. one of the manyt reasons pki is broken by design, not the most visible one but quite fundamental.
mircea_popescu: on one hand, having a third party involved in any bitcoin transaction, in any way, is breaking the protocol. on the other hand, the pki/dns infrastructure is beyond rotten. tying it into any sort of live project is like taking a spleen off a rotting cadaver and putting it into someone's gut.
Naphex: bip70 you will have to validate the pki
Naphex: you could still stick to the dns and use x509/pki in the same way
mircea_popescu: thestringpuller no. to the pki they tried toi get in "for verifying merchant's addresses" in spite of... everyone's objections.
minersdidit: Deliberately and quite maliciously tried to meld the BleedingHeart openssl vulnerability into the Bitcoin code. The move seemed bizarre at the timei, seeing how there was exactly zero need and pretty much epsilon benefit of implementing such kludge, and given that everyone with a clue involved pretty much agreed PKI is broken beyond repair anyway. To properly understand the implications of this : NSA has had, for two years
asciilifeform: all the buggers had to do was rename it 'pki'
mircea_popescu: we are moving away from ssl and generally pki, and generally usg-crap. forever.
mircea_popescu: we kinda need a pki replacement standard.
mircea_popescu: bounce: hmm... wonder how those bugs ended up in openssl and gnutls. << you needn't wonder. examine the matter plainly : for no appreciable reason, the usg muppets posing as "core devs" started work to meld pki into bitcoin protocol.
ninjashogun: Again, it doesn't matter if you reimplement PKI over javascript.
mircea_popescu: a javascript pki tunnel
ninjashogun: dignork, it doesn't matter who firefox trusts. You can run a complete tunnel using javascript all the way to the final end-point. The whole point of PKI is that it doesn't matter who sniffs packets.
asciilifeform: mircea_popescu: it was 'pki' crapola all the way down
asciilifeform: because PKI == chumpatron
BingoBoingo: ThickAsThieves: Well most DRM is pki based anyway. I don't see what adding a blockchain to it might do other than maybe allow rights transfers. I don't think many people interested in DRM though are people interested in making rights transfers easier though.
asciilifeform: BingoBoingo: the motivations of people who try to bring PKI to bitcoin are no secret.