But how would one simple member of the audience easily determine if this whole chain of events is valid, when they don’t even get how it works or what to look out for?
You’d have to have a public key of trusted sources that people automatically check with their browser, but all the steps in between need to be trusted too. I can imagine it is too much of a hassle for most.
But then again, that has always been the case for most.
This is just standard public key cryptography, we already do this for website certificates. Your browser puts a little lock icon next to the URL if it’s legit, or provides you with a big, full-page warning if something’s wrong with the cert.
I know, but as a physical, mobile object as a camera is involved I imagine it’s much more vulnerable to man-in-the-middle attacks than today’s TLS certificates for sites. There are more moving parts / physical steps and the camera is probably not always online.
But in essence you are right, operating the camera the same way as a server should be possible of course. We need some basic trusted authorities that are as trusted as we have for our current TLS certificates.
What it will prove, is whether the video is actually of a specific camera certificate. Not who owns the camera, if it has been swapped or if the video footage is real.
But how would one simple member of the audience easily determine if this whole chain of events is valid, when they don’t even get how it works or what to look out for?
You’d have to have a public key of trusted sources that people automatically check with their browser, but all the steps in between need to be trusted too. I can imagine it is too much of a hassle for most.
But then again, that has always been the case for most.
This is just standard public key cryptography, we already do this for website certificates. Your browser puts a little lock icon next to the URL if it’s legit, or provides you with a big, full-page warning if something’s wrong with the cert.
I know, but as a physical, mobile object as a camera is involved I imagine it’s much more vulnerable to man-in-the-middle attacks than today’s TLS certificates for sites. There are more moving parts / physical steps and the camera is probably not always online.
But in essence you are right, operating the camera the same way as a server should be possible of course. We need some basic trusted authorities that are as trusted as we have for our current TLS certificates.
What it will prove, is whether the video is actually of a specific camera certificate. Not who owns the camera, if it has been swapped or if the video footage is real.
…what audience?
I mean the viewers of the video.