[Cryptography] Certificates and PKI

ianG iang at iang.org
Mon Dec 29 12:27:28 EST 2014

On 26/12/2014 07:03 am, Tony Arcieri wrote:
> On Fri, Dec 19, 2014 at 4:38 AM, Jerry Leichter <leichter at lrw.com
> <mailto:leichter at lrw.com>> wrote:
>     If your goal is security against passive eavesdroppers - and, in
>     particular, against "record everything" government agencies - then a
>     self-signed certificate is as good as anything.
>     If you want to defend against active MITM attacks, then you need a
>     trustworthy certificate.  But as we all know, the current model of
>     hundreds of equally-trusted CA's cannot possibly produce legitimate
>     trust.
> I was a fan of opportunistic encryption for awhile, but after seeing
> this, it started to seem pretty silly to me:
> https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks
> So FUD about CAs aside, without some form of authentication, ISPs (or
> anyone with a privileged network position) can and *are* automatically
> and trivially stripping opportunistic encryption, rendering it
> effectively useless.

That is part of the point of opportunistic encryption:  force the 
attacker to go active.  Now that we see ISPs are stripping the STARTTLS 
flag, we can respond.  Now we know what the enemy wants, now we know how 
far he is willing to go to get it.

Without that, the attacker gets it all for free.


More information about the cryptography mailing list