[tahoe-dev] SSL samurai attack migration ninjas, film at 11

Shawn Willden shawn at willden.org
Sat Oct 29 11:54:12 UTC 2011


On Sat, Oct 29, 2011 at 2:07 AM, Olaf TNSB <still.another.person at gmail.com> wrote:

> an object with no WoT (i.e. a new, self signed, SSL cert) is pretty
> worthless...at least in my mind.
>

Certainly a new, self-signed SSL cert is worthless, in that it doesn't give
you any greater confidence in the site you're visiting than if it used plain
HTTP.

The question is:  Why would you trust the self-signed SSL cert *less* than
you trust nothing?

Put it this way:  Is there any information you'd be comfortable sending to
an unencrypted site but which you'd be uncomfortable sending to the same
site with a self-signed cert?

IMO, the point of self-signed certs isn't to allow secure exchange of
sensitive data.  The point of self-signed certs is to allow casual,
opportunistic encryption; to decrease the value of general monitoring of web
traffic.

Though an old self-signed cert, one that you've seen hundreds of times over
the course of years, does have significant security value.  IMO, more than
a new CA-signed cert.

I'd also love to see client-side self-signed (or even unsigned) certificates
become common as a second authentication factor.  Or even as primary
identification and authentication for sites that don't handle secure
information and just want a zero-user-effort mechanism for establishing a
user account.

-- 
Shawn
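
The key-continuity idea in the message above (a new self-signed cert carries no assurance, one seen many times over years does), as an added example that is not part of the original post. The `PinStore` class, its verdict strings, the host name and the certificate bytes are constructed for illustration.

```python
import hashlib
import ssl
import time

# Constructed stand-ins for DER-encoded certificates, so the example runs offline.
OLD_CERT = b"constructed-DER-bytes-of-long-lived-self-signed-cert"
NEW_CERT = b"constructed-DER-bytes-of-a-different-cert"


def fingerprint(der_cert):
    """SHA-256 over the DER encoding: the value that gets remembered."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_der(host, port=443):
    """Fetch a server certificate without CA validation (needs network)."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


class PinStore:
    """Hypothetical trust-on-first-use store: host -> remembered certificate."""

    def __init__(self):
        self.pins = {}  # host -> {"fp", "first_seen", "seen"}

    def observe(self, host, der_cert, now=None):
        """Return (verdict, number of earlier matching sightings)."""
        now = time.time() if now is None else now
        fp = fingerprint(der_cert)
        pin = self.pins.get(host)
        if pin is None:
            # First sighting: no history, so no more assurance than plain HTTP.
            self.pins[host] = {"fp": fp, "first_seen": now, "seen": 1}
            return "first-use", 0
        if pin["fp"] != fp:
            # Continuity broken: keep the old pin and let the caller decide.
            return "changed", pin["seen"]
        pin["seen"] += 1
        return "continuity", pin["seen"] - 1


def demo():
    """Three sightings of the same cert, then a different one."""
    store = PinStore()
    verdicts = [store.observe("example.invalid", OLD_CERT)[0] for _ in range(3)]
    verdicts.append(store.observe("example.invalid", NEW_CERT)[0])
    return verdicts
```

The count returned alongside "continuity" is what grows over the years of repeated sightings; `fetch_der` shows where real certificate bytes would come from.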