[tahoe-dev] SSL samurai attack migration ninjas, film at 11

Randall Mason clashthebunny at gmail.com
Sat Oct 29 12:35:16 UTC 2011


Why would people self sign certificates with the existence of free
certificate options like http://www.startssl.com/?  A self signed
certificate also is unable to be saved in Google Chrome, so it's difficult
to build up trust even with my own servers' self signed certs.  There are
the identity certs too: Client and mail certificates (S/MIME).  You also
get $10,000 of insurance.

The only thing you lose with startssl is the same thing you lose from any
ssl signed certificate: the root certificates trusted by your browser
include the CNNIC <http://lwn.net/Articles/372264/> and, in case you trust
an organization possibly controlled by the Chinese government, the rest of
the list of CA root certs are controlled by
selfish corporations/organizations who would turn you in whenever it best
suits them.  You know, that one little thing.

Randall Mason

On Sat, Oct 29, 2011 at 2:54 PM, Shawn Willden <shawn at willden.org> wrote:
> On Sat, Oct 29, 2011 at 2:07 AM, Olaf TNSB <still.another.person at gmail.com> wrote:
>>
>> an object with no WoT (i.e. a new, self signed, SSL cert) is pretty
>> worthless...at least in my mind.
>
> Certainly a new, self-signed SSL cert is worthless, in that it doesn't give
> you any greater confidence in the site you're visiting than if it used plain
> HTTP.
>
> The question is:  Why would you trust the self-signed SSL cert *less* than
> you trust nothing?
>
> Put it this way:  Is there any information you'd be comfortable sending to
> an unencrypted site but which you'd be uncomfortable sending to the same
> site with a self-signed cert?
>
> IMO, the point of self-signed certs isn't to allow secure exchange of
> sensitive data.  The point of self-signed certs is to allow casual,
> opportunistic encryption; to decrease the value of general monitoring of web
> traffic.
>
> Though an old self-signed cert, one that you've seen hundreds of times over
> the course of years, does have significant security value.  IMO, more than
> a new CA-signed cert.
>
> I'd also love to see client-side self-signed (or even unsigned) certificates
> become common as a second authentication factor.  Or even as primary
> identification and authentication for sites that don't handle secure
> information and just want a zero-user-effort mechanism for establishing a
> user account.
> --
> Shawn
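
The key-continuity point in the quoted reply (a self-signed cert seen many times carries more assurance than a new one), as an added example that is not part of the original thread: a trust-on-first-use pin store keyed by host. The class and method names, the host name, and the byte strings standing in for DER certificates are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Pin:
    fingerprint: str   # SHA-256 of the certificate's DER bytes
    sightings: int     # how many connections presented this same cert


class PinStore:
    """Hypothetical trust-on-first-use store: host -> pinned certificate."""

    def __init__(self):
        self._pins = {}

    def observe(self, host, der_cert):
        """Record one connection and classify the certificate presented."""
        fp = hashlib.sha256(der_cert).hexdigest()
        pin = self._pins.get(host)
        if pin is None:
            # First contact: nothing to compare against, so no assurance yet.
            self._pins[host] = Pin(fp, 1)
            return "first-seen"
        if pin.fingerprint == fp:
            # Same cert as before: continuity grows with every sighting.
            pin.sightings += 1
            return "consistent"
        # Different cert for a known host: key rotation or interception.
        # The old pin is kept; replacing it is a decision for the user.
        return "changed"

    def sightings(self, host):
        pin = self._pins.get(host)
        return pin.sightings if pin else 0


def demo():
    # Constructed stand-ins for DER-encoded certificates (not real certs).
    cert_a = b"constructed-self-signed-cert-A"
    cert_b = b"constructed-self-signed-cert-B"
    store = PinStore()
    results = [store.observe("server.example", cert_a) for _ in range(3)]
    results.append(store.observe("server.example", cert_b))
    return results, store.sightings("server.example")


if __name__ == "__main__":
    print(demo())
```

In a real client the DER bytes would come from the TLS connection, for example `ssl.SSLSocket.getpeercert(binary_form=True)` in Python's standard library.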