On Tue, Apr 01, 2014 at 11:04:43AM +0100, Philip Hands wrote: > I think the real problem here is the user interface asking one to trust > a site (forever, unless you're concentrating) at a point where you > really don't care because all you're interested in is seeing the cute > picture of an otter on someone's blog. Yes. And the fact that making your blog use an encrypted connection causes either scary warnings for all your visitors, or a lot of hassle trying to find a CA who is slightly less extorting than the others, leads to the result that most people give it up and don't use encryption on their blog. I think at Debian we all agree that it would be a good thing if everything would be encrypted, so this is a very bad outcome. > If browsers treated all new certificates with suspicion, limiting the > things that could be done in javascript, and not allowing forms to be > filled in, say, and then when you decided that you wanted to offer the > site some trust (because you want to fill in your credit card on the > https://amazon-really-it-is.mafia.biz/ site) the browser could then > guide you toward some checks that you might want to perform before > continuing, and because you've got a credit card n your hand you might > be vaguely interested at that point. But what does that accomplish? Having a signature from one of the many CAs on the key doesn't really prove anything. It certainly doesn't mean they're going to be careful with your money. On Tue, Apr 01, 2014 at 06:30:11PM +0800, Paul Wise wrote: > On Tue, Apr 1, 2014 at 6:04 PM, Philip Hands wrote: > > > I think the real problem here is the user interface asking one to trust > > a site (forever, unless you're concentrating) at a point where you > > really don't care because all you're interested in is seeing the cute > > picture of an otter on someone's blog. > > Indeed, the browser vendors basically fell for the NSA's social > engineering and put up scary warnings for a situation that is > approximately equivalent to plain unencrypted HTTP, which they treat > as all fine and good. It's not at all equivalent. When using (good) encryption, the only thing left to worry about is man in the middle attacks. Even when someone is actively performing a man in the middle attack on you, your data is _still_ more secure than a plain text connection, because while the person doing the attack can read your data, the rest of the world still can't. Of course the person doing the attack is probably more of a problem than the rest of the world, but he could read your data if it was unencrypted as well. An unencrypted connection is readable to everyone; an encrypted connection is readable to those in a position to alter your packets. And when they use it, it is detectable (which doesn't imply it is detected, but it probably would be if an organization like the NSA would start doing it on a really large scale). There are three problems to solve: first, you need to know that you're talking to the right person. Second, you need to make sure only that person can read your packets, and third, you need to know that that person is not evil. CAs try (but fail) to solve the first point only. They are however treated by many people as if they solve all three. The second point is already solved and it works just fine. The only problem is that browsers scare away all visitors when you use a self-signed certificate, or one from a CA that isn't recognized. > > Anyway, can we not just have a cacert-certificates package, and then > > people like me, who use cacert, could decide to trust them easily on my > > machines at least? If we instead do things that make it harder for even > > Free Software enthusiasts to use something like CAcert, then the slim > > chance that CAcert might eventually become properly useful gets even > > slimmer. > > From the discussion on #debian-security it sounds like what will > happen is either a ca-certificates-cacert package or adding cacert.org > to ca-certificates but disabled by default. Hmm, I would hope for a ca-certificates-cacert package then. If I have to, I want to explain people that they need to install this; I don't want to explain them how to enable certificates. Encryption is one of those things which should work by default, and any extra required step to make it possible is a bad thing. I've also asked Mozilla to give plain HTTP connections at least as much warnings as self-signed certificates (which would probably mean no warnings for either of them), but I don't think they'll listen. Thanks, Bas
Attachment:
signature.asc
Description: Digital signature