[liberationtech] self signing certs by default
Nicolás Reynolds
fauno at endefensadelsl.org
Fri Mar 14 11:38:55 PDT 2014
Lucas Gonze <lucas.gonze at gmail.com> writes:
> Let's say web servers auto generated self-signed certificates for any
> domain that didn't supply its own certificate, likely one from an authority.
>
> What that would accomplish is to make the stream unreadable over the wire,
> unless the attacker was willing and able to do an MITM with their own auto
> generated self-signed certificate.
>
> It would not be hard to do that MITM, but it would be orders of magnitude
> more expensive than copying unencrypted bytes off the router. It would not
> be practical to do the MITM against a large portion of traffic. The
> attacker would have to pick their targets.
>
> Thoughts?
There's the Perspectives project for decentralized certificate verification.
--
http://utopia.partidopirata.com.ar/