[Cryptography] Certificates and PKI
Tony Arcieri
bascule at gmail.com
Fri Dec 26 02:03:04 EST 2014
On Fri, Dec 19, 2014 at 4:38 AM, Jerry Leichter <leichter at lrw.com> wrote:
> If your goal is security against passive eavesdroppers - and, in
> particular, against "record everything" government agencies - then a
> self-signed certificate is as good as anything.
>
> If you want to defend against active MITM attacks, then you need a
> trustworthy certificate. But as we all know, the current model of hundreds
> of equally-trusted CA's cannot possibly produce legitimate trust.
>
I was a fan of opportunistic encryption for awhile, but after seeing this,
it started to seem pretty silly to me:
https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks
So FUD about CAs aside, without some form of authentication, ISPs (or
anyone with a privileged network position) can and *are* automatically and
trivially stripping opportunistic encryption, rendering it effectively
useless.
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141226/f3bde0f8/attachment.html>
More information about the cryptography
mailing list