Linked by Thom Holwerda on Thu 21st Nov 2013 23:46 UTC
Internet & Networking

"We can end government censorship in a decade," Schmidt said during a speech in Washington. "The solution to government surveillance is to encrypt everything."

Setting aside the entertaining aspect of the source of said statement, I don't think encryption in and of itself is enough. Encryption performed by companies is useless, since we know by now that companies - US or otherwise - are more than eager to bend over backwards to please their governments.

What we need is encryption that we perform ourselves, so that neither governments nor companies are involved. I imagine some sort of box between your home network and the internet, that encrypts and decrypts everything, regardless of source or destination. This box obviously needs to run open source software, otherwise we'd be right back where we started.

Is something like that even possible?

Thread beginning with comment 577267
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Comment by pcunite
by WereCatf on Fri 22nd Nov 2013 06:28 UTC in reply to "RE[2]: Comment by pcunite"
WereCatf
Member since:
2006-02-15

I think he mean that if you use a self-signed certificate on your site all your visitors get the rather scary browser warning.


If that's what he means, well, there's just no workaround for that. I mean, he could get a certificate that's signed by one of the CAs and then his visitors wouldn't get the warning, but then it wouldn't be self-signed. And on the other hand, if browsers just accepted self-signed certificates the whole point with certificates would've just been rendered moot; you can't have your cake and eat it.

Reply Parent Score: 3

RE[4]: Comment by pcunite
by Lennie on Sat 23rd Nov 2013 09:21 in reply to "RE[3]: Comment by pcunite"
Lennie Member since:
2007-09-22

You just need something to anchor that trust on.

Currently, trust is anchored in your browser by including a bunch of CA root certs.

The easiest way currently to do something about that would be DNSSEC and DANE.

Where all DNS data (domain names and public-key information) is signed directly by the owner of the domain.

Everyone already trusts DNS. Your visiting www.osnews.com right ? Not: 74.86.31.159

Edited 2013-11-23 09:22 UTC

Reply Parent Score: 4