[liberationtech] self signing certs by default
Lucas Gonze
lucas.gonze at gmail.com
Fri Mar 14 10:46:30 PDT 2014
Let's say web servers auto-generated self-signed certificates for any
domain that didn't supply its own certificate, likely one from an authority.
What that would accomplish is to make the stream unreadable over the wire,
unless the attacker was willing and able to do an MITM with their own
auto-generated self-signed certificate.
It would not be hard to do that MITM, but it would be orders of magnitude
more expensive than copying unencrypted bytes off the router. It would not
be practical to do the MITM against a large portion of traffic. The
attacker would have to pick their targets.
Thoughts?
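
The MITM case described above, as an added example that is not part of the original post: two certificates auto-generated independently for the same name carry the same subject and differ only in fingerprint, so a client can notice a swap only by remembering the fingerprint it saw first. The domain `example.test`, the file names and the `check_pin` helper are hypothetical, and the script assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example: all names and paths are constructed for illustration.
set -eu

HOST="example.test"                 # placeholder domain
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# gen_cert <prefix>: auto-generate a self-signed cert and key for $HOST.
gen_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$HOST" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

subject_of()     { openssl x509 -in "$1" -noout -subject; }
fingerprint_of() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# same_subject <a.crt> <b.crt>: true when both certs claim the same name.
same_subject() { [ "$(subject_of "$1")" = "$(subject_of "$2")" ]; }

# check_pin <cert> <pinfile> (hypothetical helper): remember the first
# fingerprint seen; return 0 on first use or match, 1 if it changed.
check_pin() {
    fp=$(fingerprint_of "$1")
    if [ ! -f "$2" ]; then
        printf '%s\n' "$fp" > "$2"
        return 0
    fi
    [ "$fp" = "$(cat "$2")" ]
}

gen_cert "$WORK/server"   # generated by the real web server
gen_cert "$WORK/onpath"   # generated independently by a party in the path

if same_subject "$WORK/server.crt" "$WORK/onpath.crt"; then
    echo "same subject: without a trust anchor the two are interchangeable"
fi
echo "server fingerprint: $(fingerprint_of "$WORK/server.crt")"
echo "onpath fingerprint: $(fingerprint_of "$WORK/onpath.crt")"

check_pin "$WORK/server.crt" "$WORK/pin" && echo "first contact: pinned"
check_pin "$WORK/server.crt" "$WORK/pin" && echo "repeat contact: unchanged"
if ! check_pin "$WORK/onpath.crt" "$WORK/pin"; then
    echo "fingerprint changed: connection is not talking to the pinned key"
fi
```

The pin check only helps when the first contact was not itself intercepted, which is the same limit the post's proposal has.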