RE: how bad is IPETEE?

John Ioannidis wrote on 10 July 2008 18:03:

> Eugen Leitl wrote:
>> In case somebody missed it,
>>
>> http://www.tfr.org/wiki/index.php?title=Technical_Proposal_(IPETEE)
>>
>
> If this is a joke, I'm not getting it.
>
> /ji

I thought the bit about "Set $wgLogo to the URL path to your own logo
image" was quite funny. But they did misspell 'teh' in "Transparent
end-to-end encryption for teh internets".

It does sound a lot like "SSL/TLS without certs", ie. SSL/TLSweakened to
make it vulnerable to MitM. Then again, if no Joe Punter ever knows the
difference between a real and spoofed cert, we're pretty much in the same
situation anyway.

And of course those supposedly transparent fails-and-reconnects will turn
out to be anything but, in practice...

cheers,
DaveK
--
Can't think of a witty .sigline today....

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com