Like I said when Zoom acquired Keybase: crypto is better with friends. The Keybase folks are amazing, as are @alexstamos and @matthew_d_green.
Which specific characteristic is desirable, that we can check we got the same binary? I mean, I suppose that does mean less reliance on CA, it's far more common to have malicious or compromised provider?
-
-
Today’s Web model means attacker who pops provider or channel can serve arbitrary updates / code, including targeted to individual users. Native’s defense is to do codesigning/TUF so attacker has to compromise that key/source code. Web has **no** equivalent protection, not yet.
-
Ah-ha, you're not concerned about a malicious provider, or provider ordered to insert a backdoor - only a compromised provider who is unwittingly serving a backdoor. I agree there's not parity there, although not sure native story is so great either!
- 5 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
