Send Bristol mailing list submissions to
bristol@mailman.lug.org.uk
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.lug.org.uk/mailman/listinfo/bristol
or, via email, send a message with subject or body 'help' to
bristol-request@mailman.lug.org.uk
You can reach the person managing the list at
bristol-owner@mailman.lug.org.uk
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Bristol digest..."
Today's Topics:
1. Re: OT: SSL / Convergence (Christopher Horler)
2. Re: OT: SSL / Convergence (Christopher Horler)
----------------------------------------------------------------------
Message: 1
Date: Mon, 12 Jan 2015 21:10:06 +0000
From: Christopher Horler <cshorler@googlemail.com>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] OT: SSL / Convergence
Message-ID:
<CAAeT8m_ALzL-nviBX_8vNV_hyVx=zu1OgN88C4hEk0weqcjnJw@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
On 28 December 2014 at 16:28, Christopher Horler
<cshorler@googlemail.com> wrote:
> On 21 December 2014 at 17:58, Christopher Horler
> <cshorler@googlemail.com> wrote:
>> On 21 December 2014 at 15:17, Alex Butcher (LUG) <lug@assursys.co.uk> wrote:
>>>
>>>
>>> On 21 December 2014 13:42:45 GMT+00:00, Conor O'Neill <conor_lists@puddle.co.uk> wrote:
>>>>On 19/12/14 08:38, Chris wrote:
>>>>> Interesting read / software
>>>>>
>>>>> http://convergence.io/
>>>>>
>>>>
>>>>Very interesting, certainly worth watching their video about it, but be
>>>>aware that it is 48 minutes long:
>>>>http://www.youtube.com/watch?v=Z7Wl2FW2TcA
>>>>
>>>>Has anyone else tried using this? I see that its from 2011, but it
>>>>doesn't seem to have gained much publicity.
>>>
>>> I used it for a while, but disabled it when I was getting excessive memory use by Firefox, and I don't think I re-enabled it. I don't think it was Convergence's fault, though.
>>>
>>
>> No, I was reading a related article on security.stackexchange.com - on
>> a government's MITM attack on SSL, pointing out the problems with
>> trusted root CAs. Convergence strikes me as a better security model,
>> although I didn't listen to the talk yet... (I knew it existed
>> though!)
>
> I have now tried it... it didn't work (google.com wouldn't load,
> opensuse.org only loaded partially - it's probably a mixed SSL / no
> SSL content webpage), futher investigation required (wireshark...)
>
> - but I'd hazard a guess that one or more of the notaries don't exist
> any longer (I tried to add another to the default configuration
> unsuccessfully).
reading the mailing list shows this is no longer updated:
https://lists.riseup.net/www/arc/convergence-dev/2014-01/msg00001.html
The above link only works if you click a button here:
https://lists.riseup.net/www/info/convergence-dev
There is a updated repo here (not reviewed):
https://github.com/mk-fg/convergence
There is a newer project / IETF draft here (I don't know how I'd go
about establishing a trust network... anyone?)
http://tack.io/
------------------------------
Message: 2
Date: Mon, 12 Jan 2015 21:50:04 +0000
From: Christopher Horler <cshorler@googlemail.com>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] OT: SSL / Convergence
Message-ID:
<CAAeT8m_1O+P3XQKyweRnm9QnXvmv3quc3Tq8A2vZ8tLfkCvkKg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
On 12 January 2015 at 21:10, Christopher Horler <cshorler@googlemail.com> wrote:
> On 28 December 2014 at 16:28, Christopher Horler
> <cshorler@googlemail.com> wrote:
>> On 21 December 2014 at 17:58, Christopher Horler
>> <cshorler@googlemail.com> wrote:
>>> On 21 December 2014 at 15:17, Alex Butcher (LUG) <lug@assursys.co.uk> wrote:
>>>>
>>>>
>>>> On 21 December 2014 13:42:45 GMT+00:00, Conor O'Neill <conor_lists@puddle.co.uk> wrote:
>>>>>On 19/12/14 08:38, Chris wrote:
>>>>>> Interesting read / software
>>>>>>
>>>>>> http://convergence.io/
>>>>>>
>>>>>
>>>>>Very interesting, certainly worth watching their video about it, but be
>>>>>aware that it is 48 minutes long:
>>>>>http://www.youtube.com/watch?v=Z7Wl2FW2TcA
>>>>>
>>>>>Has anyone else tried using this? I see that its from 2011, but it
>>>>>doesn't seem to have gained much publicity.
>>>>
>>>> I used it for a while, but disabled it when I was getting excessive memory use by Firefox, and I don't think I re-enabled it. I don't think it was Convergence's fault, though.
>>>>
>>>
>>> No, I was reading a related article on security.stackexchange.com - on
>>> a government's MITM attack on SSL, pointing out the problems with
>>> trusted root CAs. Convergence strikes me as a better security model,
>>> although I didn't listen to the talk yet... (I knew it existed
>>> though!)
>>
>> I have now tried it... it didn't work (google.com wouldn't load,
>> opensuse.org only loaded partially - it's probably a mixed SSL / no
>> SSL content webpage), futher investigation required (wireshark...)
>>
>> - but I'd hazard a guess that one or more of the notaries don't exist
>> any longer (I tried to add another to the default configuration
>> unsuccessfully).
>
> reading the mailing list shows this is no longer updated:
> https://lists.riseup.net/www/arc/convergence-dev/2014-01/msg00001.html
>
> The above link only works if you click a button here:
> https://lists.riseup.net/www/info/convergence-dev
>
> There is a updated repo here (not reviewed):
> https://github.com/mk-fg/convergence
>
> There is a newer project / IETF draft here (I don't know how I'd go
> about establishing a trust network... anyone?)
> http://tack.io/
Also interesting reading:
https://github.com/namecoin/namecoin
Combination of convergence plugin and the above
https://github.com/JeremyRand/Convergence
------------------------------
_______________________________________________
Bristol mailing list
Bristol@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/bristol
End of Bristol Digest, Vol 585, Issue 4
***************************************
Tidak ada komentar:
Posting Komentar