[Cryptography] Certificates and PKI
ianG
iang at iang.org
Mon Dec 29 12:27:28 EST 2014
On 26/12/2014 07:03 am, Tony Arcieri wrote:
> On Fri, Dec 19, 2014 at 4:38 AM, Jerry Leichter <leichter at lrw.com> wrote:
>
> > If your goal is security against passive eavesdroppers - and, in
> > particular, against "record everything" government agencies - then a
> > self-signed certificate is as good as anything.
> >
> > If you want to defend against active MITM attacks, then you need a
> > trustworthy certificate. But as we all know, the current model of
> > hundreds of equally-trusted CA's cannot possibly produce legitimate
> > trust.
>
>
> I was a fan of opportunistic encryption for a while, but after seeing
> this, it started to seem pretty silly to me:
>
> https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks
>
> So FUD about CAs aside, without some form of authentication, ISPs (or
> anyone with a privileged network position) can and *are* automatically
> and trivially stripping opportunistic encryption, rendering it
> effectively useless.

That is part of the point of opportunistic encryption: force the
attacker to go active. Now that we see ISPs are stripping the STARTTLS
flag, we can respond. Now we know what the enemy wants, now we know how
far he is willing to go to get it.

Without that, the attacker gets it all for free.

iang
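
The observation that stripping forces the attacker into a visible, active change can be shown as a client-side check. This is an added example, not part of the original post or thread: it remembers which mail servers have advertised STARTTLS and flags a later EHLO reply in which the capability is gone. The host names, sample EHLO replies and function names are constructed, and the "masked keyword" form (eight repeated filler characters) is an assumption about what a stripped reply may look like.

```python
# Added example: notice when a STARTTLS capability disappears from an EHLO reply.
# Host names and EHLO replies are constructed sample data, not captured traffic.

GOOD = "250-mx.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
ABSENT = "250-mx.example.net\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"
MASKED = "250-mx.example.net\r\n250-SIZE 35882577\r\n250-XXXXXXXX\r\n250 8BITMIME\r\n"


def parse_ehlo(reply):
    """Return the set of ESMTP extension keywords in a 250 EHLO reply."""
    keywords = set()
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for line in lines[1:]:  # first line is the server greeting, not an extension
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            continue  # not a well-formed 250 continuation or final line
        body = line[4:].strip()
        if body:
            keywords.add(body.split()[0].upper())
    return keywords


def looks_masked(keyword):
    """Assumed stripping artifact: an 8-character keyword of one repeated character."""
    return len(keyword) == 8 and len(set(keyword)) == 1


class StartTLSMemory:
    """Trust-on-first-use record of hosts that have offered STARTTLS before."""

    def __init__(self):
        self.seen_tls = set()

    def check(self, host, ehlo_reply):
        caps = parse_ehlo(ehlo_reply)
        if "STARTTLS" in caps:
            self.seen_tls.add(host)
            return "ok"
        if host in self.seen_tls or any(looks_masked(k) for k in caps):
            # The capability vanished or was overwritten: an active change
            # that a passive eavesdropper would never have caused.
            return "downgrade-suspected"
        return "plaintext-only"  # never seen TLS here; nothing to compare against
```

A sending client that gets `downgrade-suspected` can refuse to deliver or raise an alert instead of silently falling back to plaintext.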