[liberationtech] self signing certs by default
Sacha van Geffen
sacha at greenhost.nl
Mon Mar 17 11:09:23 PDT 2014
*All trust has failed us.*
Both the x509 (hierarchical/commercial) trust model (insecure, broken
brokers are known to exist) and the openPGP Web of Trust (WOT) trust
model (too complex, hard to use and does not map to the way humans regard
trust) suck, and Trust on first use also has its problems (mainly if the
first contact was intercepted).
*Trust is a client problem.*
It is the client that decides over trust issues, so if we want to change
the behavior we should convince the browser vendors.
Then there is the question of how to represent trust levels to the users in a
meaningful way, as even now with 'extended validation' and 'standard
validation' this is hard for users to understand, and people will just
click through boxes to get the dancing pigs in most situations.
*What we need is a multi-signal trust model.*
If we could have a scheme that would use a combination of methods (DANE,
different network views, TOFU) we would greatly improve security, if we
have a way to enforce such policies (so leave the user out). The
insurmountable(?) problem is to convince browser vendors to implement this
(and/or get standards amended).
sacha
On 03/14/14 18:46, Lucas Gonze wrote:
> Let's say web servers auto generated self-signed certificates for any
> domain that didn't supply its own certificate, likely one from an authority.
>
> What that would accomplish is to make the stream unreadable over the
> wire, unless the attacker was willing and able to do an MITM with their
> own auto generated self-signed certificate.
>
> It would not be hard to do that MITM, but it would be orders of
> magnitude more expensive than copying unencrypted bytes off the router.
> It would not be practical to do the MITM against a large portion of
> traffic. The attacker would have to pick their targets.
>
--
We are looking for new people!
https://greenhost.net/about-us/working-at-greenhost/
Greenhost - Sustainable Hosting
T: +31204890444
info at greenhost.nl
https://greenhost.nl/
A digital signature can be attached to this e-mail,
you need opengpg software to verify it. see:
http://tinyurl.com/openpgp-manual
Key fingerprint = 4F15 CE56 36AB A1C2 0D81 BE10 E12B B435 F2D5 2E48
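The multi-signal policy sketched above, written out as an added example that is not part of the thread and not code from Greenhost or any browser vendor: it combines the signals the post names (x509 chain validation, DANE/TLSA, agreement between several network vantage points, and a trust-on-first-use pin store) into one accept/reject decision with no user prompt. Every input here is constructed; the `Observation` fields, the `min_signals` knob and the rotation rule are assumptions made for illustration, not any standard's behaviour.

```python
"""Multi-signal TLS trust policy evaluator (added illustration, not from the thread).

Each signal is a weak witness on its own; the policy only pins a key on first
contact when enough independent witnesses agree, and only accepts a changed key
when DANE and the network perspectives both corroborate it. All inputs are
constructed sample data.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Observation:
    """What the client learned about one host on one connection (hypothetical schema)."""
    host: str
    spki_sha256: str              # hex SHA-256 of the server's SubjectPublicKeyInfo
    ca_chain_valid: bool          # result of ordinary x509 path validation
    tlsa_hashes: List[str]        # SPKI hashes published via DANE TLSA (empty = no DANE)
    perspectives: Dict[str, str]  # vantage point name -> SPKI hash that vantage point saw


@dataclass
class Verdict:
    accept: bool
    signals: Dict[str, bool] = field(default_factory=dict)
    reason: str = ""


def spki_hash(spki_der: bytes) -> str:
    """Hash a DER-encoded SPKI the way the pin store and TLSA records identify keys."""
    return hashlib.sha256(spki_der).hexdigest()


def evaluate(obs: Observation, pin_store: Dict[str, str], min_signals: int = 2) -> Verdict:
    """Decide whether to trust the key in `obs`; `pin_store` maps host -> pinned SPKI hash."""
    views = list(obs.perspectives.values())
    signals = {
        "x509": obs.ca_chain_valid,
        "dane": obs.spki_sha256 in obs.tlsa_hashes,
        # Network agreement counts only with at least two vantage points that
        # all saw exactly the key the local client saw.
        "network": len(views) >= 2 and all(h == obs.spki_sha256 for h in views),
    }
    pinned = pin_store.get(obs.host)

    if pinned is not None and pinned != obs.spki_sha256:
        # Key differs from the pin taken on first use: a legitimate rotation or
        # an interposed key. Accept only when DANE publishes the new key AND
        # every vantage point sees it as well; a single divergent view fails.
        if signals["dane"] and signals["network"]:
            pin_store[obs.host] = obs.spki_sha256
            return Verdict(True, signals, "pin mismatch, rotation confirmed by DANE and network")
        return Verdict(False, signals, "pin mismatch without corroboration")

    if pinned == obs.spki_sha256:
        # Continuity with the stored pin is itself a signal (the TOFU case).
        signals["tofu"] = True
        return Verdict(True, signals, "key matches stored pin")

    # First contact: demand several independent signals before pinning, so an
    # intercepted first connection does not silently become a trusted pin.
    positive = sum(1 for v in signals.values() if v)
    if positive >= min_signals:
        pin_store[obs.host] = obs.spki_sha256
        return Verdict(True, signals, f"first use with {positive} corroborating signal(s)")
    return Verdict(False, signals, f"first use with only {positive} signal(s); need {min_signals}")


if __name__ == "__main__":
    # Constructed scenario: a self-signed key (no valid chain, no DANE) that
    # three vantage points all see identically.
    key_a = spki_hash(b"constructed key A")
    store: Dict[str, str] = {}
    obs = Observation("self-signed.example", key_a, False, [], {"eu": key_a, "us": key_a, "ap": key_a})
    for n in (2, 1):
        print(n, evaluate(obs, store, min_signals=n))
```

With `min_signals=2` the self-signed host above is refused on first contact (only the network signal vouches for it); with `min_signals=1` it is pinned, which is the opportunistic-encryption stance the quoted proposal argues for. The knob is the policy, and the point of the example is that the policy, not the user, makes the call.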