[tahoe-dev] SSL samurai attack migration ninjas, film at 11

James A. Donald jamesd at echeque.com
Sat Oct 29 04:43:44 UTC 2011


On 2011-10-29 4:05 AM, Shawn Willden wrote:
> OT:  Does anyone else think it's crazy that web browsers flash huge red
> warning signs when they see a self-signed cert, as though that's a clear
> indication of some sort of attack being attempted, which is almost never the
> case?
>
> It's always seemed to me than an appropriate browser response to a
> self-signed cert is to accept it and use it to establish an encrypted
> session, but not to display the lock icon or anything else that would make
> the user think this page is especially secure.  For bonus points, browsers
> could implement ssh-style notification of server key changes.

Well of course, but CA's don't want people providing their own 
certificate, even though in practice self signed certificates provide 
almost the same level of security as CA certificates, and certificates 
with ssh-style notification of server key root changes provide a good 
deal more security (ssl providing no security whatever against state 
level and similarly powerful adversaries, and limited security against 
less powerful adversaries, that is to say, no security whatever against 
anyone able to hack any one of a thousand or so CAs)




More information about the tahoe-dev mailing list