Remove unnecessary HTML line breaks.

2023-06-26 01:34:52 +01:00 · 2023-06-26 01:34:52 +01:00 · cc23fba208
commit cc23fba208
parent b24d0070a3
1 changed files with 2 additions and 23 deletions
--- a/blog/untrusted_the_issue_with_decentralisation.html
+++ b/blog/untrusted_the_issue_with_decentralisation.html
@ -5,7 +5,7 @@
 <!-- Copyright 2022 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->

-<!-- Version: 4.1.0.18 -->
+<!-- Version: 4.1.0.19 -->


 <html>
@ -29,15 +29,9 @@
 		</div>
 		<body>
 				<h1>Blog - #2</h1>
-				<br>
-				<br>
-				<br>
 						<h2>Untrusted: The Issue with Decentralisation</h2>
-						<br>
 								<p class="update_date">Posted: 2022-06-30 (UTC+00:00)</p>
 								<p class="update_date">Updated: 2022-10-29 (UTC+00:00)</p>
-						<br>
-						<br>
 						<!-- Table of contents. -->
 						<h2 id="toc"><a href="#toc" class="h2"
 						>Table of Contents<a/></h2>
@ -55,9 +49,6 @@
 										<li><a href="#conclusion" class="body-link"
 										>Conclusion</a></li>
 								</ul>
-						<br>
-						<br>
-						<br>
 						<h2 id="introduction"><a href="#introduction" class="h2"
 						>Introduction</a></h2>
 								<p>A recent trend is seeing people move towards decentralised services and platforms. While this is
@ -66,8 +57,6 @@
 								there is no way to pin a key to a specific person, to ensure that you are communicating with the
 								same person you are supposed to be communicating with. In this article, I will discuss some of the
 								security issues with the decentralised model.</p>
-						<br>
-						<br>
 						<h2 id="examples"><a href="#examples" class="h2"
 						>Examples</a></h2>
 								<h3 id="examples-messaging"><a href="#examples-messaging" class="h3"
@ -81,7 +70,6 @@
 										servers, which makes the physical security trusted. As for remote security, should a user's password
 										be compromised, it can typically be reset if the user can prove they are the owner of the account
 										via some form of identification; this is where the trust issue of decentralisation occurs.</p>
-										<br>
 										<p>In the decentralised model, keys are kept on the users' devices, in their possession. While this
 										soveriegnty is welcomed, it introduces a critical flaw in the security of communicating with anyone
 										via a decentralised platform; should a user's device be lost, stolen, or otherwise compromised,
@ -94,8 +82,6 @@
 										literally no way to know if the person you are communicating with is the real person or an imposter;
 										there is no root of trust. This point is fatal; game over. The only way to establish trust again
 										would be to physically meet and exchange keys.</p>
-						<br>
-						<br>
 						<h2 id="solution"><a href="#solution" class="h2"
 						>Solution</a></h2>
 								<p>I'll cut to the chase; there isn't a definitive solution. The best way to handle this situation
@ -104,7 +90,6 @@
 								offline? Only by thinking logically and tactically can you solve both the issue of centralisation
 								and decentralisation. Often, one size fits all is never the correct approach, nor does it typically
 								work.</p>
-								<br>
 								<p>In order to avoid the issue of loss of trust due to lack of root of trust, all users' keys must
 								be stored in a centralised location where all contacts are able to go to in case of compromise or to
 								periodically check the state of keys and to see if they have changed. This centralised location
@ -112,7 +97,6 @@
 								person who initially signed up for the platform, using a trust-on-first-use (TOFU) model, which
 								isn't much different than what today's centralised platforms are already doing; the only difference
 								is who is controlling the location; trust is still present and required.</p>
-								<br>
 								<p>In order to have a root of trust, I have posted my keys to my website, which is protected by
 								multiple layers of security:<br>
 								<br>
@ -128,14 +112,11 @@
 										it.</li>
 										<li>I have enabled DNSSEC on my domain, so it is extremely difficult to spoof my domain to make you
 										believe you're connecting to it when you're actually connecting to someone else's.</li>
-								</ol>
-								<br>
+								</ol></p>
 								<p>While not the most secure implementation of a root of trust, it is the most secure implementation
 								currently available to me. While the domain name registrar or virtual private server host could
 								tamper with my domain and data, they are the most trustworthy parties available. In its current
 								form, decentralisation would make this impossible to implement in any form.</p>
-						<br>
-						<br>
 						<h2 id="conclusion"><a href="#conclusion" class="h2"
 						>Conclusion</a></h2>
 								<p>Do not demand anonymity; demand privacy and control of your own data. Complete anonymity makes it
@ -155,7 +136,5 @@
 								Decentralisation does not solve the government issue. In order to live a happy, fun, and fulfilled
 								life, while protecting yourself against logical threats, there are only two words you must live by:
 								Threat model.</p>
-						<br>
-						<br>
 		</body>
 </html>