The most recent 20 comments posted to Making Light by Josh Larios:

There was only one moment in any of the infodump sections of the book where I went back and re-read it because I didn't think it was right. From the web of trust section:

But if you want to understand security, you need to consider the most paranoid possibilities. Like, what if I tricked you into thinking that my public key was your boss's public key? You'd encrypt the message with your private key and my public key. I'd decrypt it, read it, re-encrypt it with your boss's real public key and send it on. As far as your boss knows, no one but you could have written the message and no one but him could have read it.

I'm still not sure that's right. That's only a problem if you sign the plaintext first, and then encrypt. If you encrypt to the recipient first and then sign that, the man in the middle can certainly open and read the plaintext, but he can't change who it's encrypted to and then re-send it with your signature. The only way for that attack to work is for both of the correspondents to have the wrong public keys for each other. The web of trust does protect against that, so it still makes sense. But there's a piece missing from the explanation.

Given that the book is full of topics I'm interested in, and I can only think of one case where I feel like I might have spotted a technical flaw, I'm not complaining. I'm used to experiences more like Jurassic Park's ridiculous "it's a unix system--I know this".

I'm going to buy a copy for my less technical, just-turned-25 brother and see what he thinks of it. It pushes all the right buttons for me, but given what it's about, I expected it to.

I'd misread part of the thread on the craiglist forums, leading me to believe that the version at sfsocialists was assembled from the craigslist posts--I see now that it wasn't. My mistake, sorry.

Either way, it's an astounding account. I'd seen the Geraldo Rivera/Shep Smith clip before, but the full import of what they said didn't really sink in until I read this piece. Every time I think I can't be any more disheartened by the massive ineptitude/malice on the part of the authorities down there, I'm proven wrong.

Heh. I knew I should have used my full name.

But, yeah. The possibility that it's true makes me ill, and I hate that conditions are such that I'm inclined to believe it. What the hell is going on?

Comment statistics for Josh Larios on the Making Light blog

Total: 3 comments. View all these comments on a single page.