[liberationtech] verifying SSL certs (was Re: In defense of client-side encryption (Guido Witmond)
Guido Witmond
guido at witmond.nl
Wed Aug 14 05:54:54 PDT 2013
On 08/13/13 19:42, Andy Isaacson wrote:
> On Mon, Aug 12, 2013 at 11:10:39AM +0200, Guido Witmond wrote:
>> There is another problem. You rely on HTTPS. Here is the 64000
>> dollar question:
>>
>> Q._"What is the CA-certificate for your bank's website?"_
>>
>> I ask that question to anyone who claims to be security conscious.
>> No one has given me positive answer so far. Not even a wrong
>> answer. Only that people don't know.
>>
>> So I take it for granted that people won't verify anything, ever.
>
> FWIW, I did run my browser in "trust on first use" (TOFU) mode -- I
> deleted all the CA certs and manually added exceptions for each
> site, as I encountered the certificate warnings -- for several years.
> I've given up on that for modern websites because
>
To be honest, I wouldn't win my quiz either. Could use the money, though :-)
I deleted the certificate and relied on CMU's Perspectives to tell me
what certificate they've seen for each name.
It worked quite well for most sites. But big ones, like Google, use a
different certificate for each endpoint. And Perspectives registers the
server-certificates it detects when it connects to the servers, not the
CA that signed it.
At one point in time, my bank made it easy to win the quiz. They wrote
the name of the CA on their home page. But they removed it as it offers
no benefit against scammers (who would write their CA in that place) and
probably confused a lot of customers.
Perhaps some got even scared about that and found it less safe than
without it.
I too have given up on expecting security from the global CAs. That's
why I want to see DNSSEC succeed.
With DNSSEC, the bank specifies their CA certificate and my browser can
validate it, giving an error when that doesn't match.
Guido.
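
Added example, not part of the original message: publishing a site's CA certificate through DNSSEC, as described above, is what DANE TLSA records (RFC 6698) do. The Python sketch below uses constructed byte strings in place of real DER certificates and handles only selector 0 (full certificate); it shows a CA-level record matching every endpoint's chain, while a leaf-level record (what a notary observing server certificates sees) matches only one endpoint.

```python
import hashlib
from collections import namedtuple

# TLSA certificate-usage values from RFC 6698.
PKIX_TA, PKIX_EE, DANE_TA, DANE_EE = 0, 1, 2, 3
DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}  # matching types 1 and 2

# selector: 0 = full certificate, 1 = SubjectPublicKeyInfo
# mtype:    0 = exact bytes, 1 = SHA-256, 2 = SHA-512
TLSA = namedtuple("TLSA", "usage selector mtype data")


def record_matches(rec, cert_der):
    """Compare one certificate against one TLSA record."""
    if rec.selector != 0:
        # Selector 1 needs an X.509 parser to extract the SPKI; not handled here.
        raise NotImplementedError("only selector 0 is handled in this sketch")
    if rec.mtype == 0:
        return cert_der == rec.data
    digest = DIGESTS.get(rec.mtype)
    # An unknown matching type makes the record unusable, so it never matches.
    return digest is not None and digest(cert_der).digest() == rec.data


def tlsa_match(records, chain):
    """chain: DER certificates, leaf first, then issuing CAs.

    Returns True if any record matches. Assumes the records were already
    DNSSEC-validated and that signature/path checks happen elsewhere.
    """
    if not chain:
        return False
    for rec in records:
        if rec.usage in (PKIX_EE, DANE_EE):
            candidates = chain[:1]   # constrains the server certificate
        elif rec.usage in (PKIX_TA, DANE_TA):
            candidates = chain[1:]   # constrains a CA in the chain
        else:
            continue                 # unknown usage: skip the record
        if any(record_matches(rec, c) for c in candidates):
            return True
    return False


# Constructed stand-ins for DER certificates (not real certificates).
CA = b"constructed-issuing-ca"
LEAF_A = b"constructed-leaf-for-endpoint-a"
LEAF_B = b"constructed-leaf-for-endpoint-b"
CA_PIN = TLSA(DANE_TA, 0, 1, hashlib.sha256(CA).digest())
LEAF_PIN = TLSA(DANE_EE, 0, 1, hashlib.sha256(LEAF_A).digest())
```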